diff options
| author | Werner Koch <wk@gnupg.org> | 2016-06-08 16:18:02 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2016-06-08 16:18:02 +0200 |
| commit | 8127043d549a5843ea1ba2dc6da4906fc2258d53 (patch) | |
| tree | c6b126885f2d3b1ee15b9e53009ec75f5cf86cf8 /scd/scdaemon.c | |
| parent | w32: Fix recent build regression. (diff) | |
| download | gnupg2-8127043d549a5843ea1ba2dc6da4906fc2258d53.tar.xz gnupg2-8127043d549a5843ea1ba2dc6da4906fc2258d53.zip | |
Explicitly restrict socket permissions.
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--
This is just in case of a improperly set umask. Note that a connect
requires a write permissions.
Diffstat (limited to 'scd/scdaemon.c')
| -rw-r--r-- | scd/scdaemon.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 8303acc3c..9c11cad46 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -1112,6 +1112,10 @@ create_server_socket (const char *name, char **r_redir_name, scd_exit (2); } + if (gnupg_chmod (unaddr->sun_path, "-rwx")) + log_error (_("can't set permissions of '%s': %s\n"), + unaddr->sun_path, strerror (errno)); + if (listen (FD2INT(fd), 5 ) == -1) { log_error (_("listen() failed: %s\n"), |