diff options
Diffstat (limited to 'src/net')
-rw-r--r-- | src/net/SocketUtil.cxx | 5 | ||||
-rw-r--r-- | src/net/SocketUtil.hxx | 4 |
2 files changed, 6 insertions, 3 deletions
diff --git a/src/net/SocketUtil.cxx b/src/net/SocketUtil.cxx index de2c25917..42962c0eb 100644 --- a/src/net/SocketUtil.cxx +++ b/src/net/SocketUtil.cxx @@ -34,11 +34,10 @@ socket_bind_listen(int domain, int type, int protocol, if (!fd.CreateNonBlock(domain, type, protocol)) throw MakeSocketError("Failed to create socket"); - #ifdef HAVE_UN if (domain == AF_UNIX) { - /* allow everybody to connect */ - fchmod(fd.Get(), 0666); + /* Prevent access until right permissions are set */ + fchmod(fd.Get(), 0); } #endif diff --git a/src/net/SocketUtil.hxx b/src/net/SocketUtil.hxx index a8ae998a4..b8a14ea4d 100644 --- a/src/net/SocketUtil.hxx +++ b/src/net/SocketUtil.hxx @@ -32,6 +32,10 @@ class SocketAddress; /** * Creates a socket listening on the specified address. This is a * shortcut for socket(), bind() and listen(). + * When a unix socket is created (domain == AF_UNIX), its + * permissions will be stripped down to prevent unauthorized + * access. The caller is responsible to apply proper permissions + * at a later point. * * Throws #std::system_error on error. * |