author | Werner Koch <wk@gnupg.org> | 2016-06-08 16:18:02 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2016-06-08 16:18:02 +0200 |
commit | 8127043d549a5843ea1ba2dc6da4906fc2258d53 | |
tree | c6b126885f2d3b1ee15b9e53009ec75f5cf86cf8 /agent | |
parent | w32: Fix recent build regression. | |
Explicitly restrict socket permissions.
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--
This is just in case of an improperly set umask. Note that a connect
requires write permissions.
Diffstat (limited to 'agent')
-rw-r--r-- | agent/gpg-agent.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 538ff0874..90b0eaf35 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1865,6 +1865,10 @@ create_server_socket (char *name, int primary, int cygwin, agent_exit (2); } + if (gnupg_chmod (unaddr->sun_path, "-rwx")) + log_error (_("can't set permissions of '%s': %s\n"), + unaddr->sun_path, strerror (errno)); + if (listen (FD2INT(fd), 5 ) == -1) { log_error (_("listen() failed: %s\n"), strerror (errno)); |
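Review bot: In create_server_socket, a failure of gnupg_chmod on unaddr->sun_path is only reported with log_error and control falls through to listen(), so the agent starts accepting connections on a socket whose permissions are whatever the umask left, which is the case this change is meant to guard against. The preceding error path in the context lines ends in agent_exit (2); consider doing the same here (closing fd first), or add a comment saying why continuing is acceptable. Placing the call before listen() is right, since nothing can connect until the socket is listening. A one-line comment stating the mode that "-rwx" produces would also help, as the string is not self-explanatory at the call site.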