From 8127043d549a5843ea1ba2dc6da4906fc2258d53 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 8 Jun 2016 16:18:02 +0200
Subject: Explicitly restrict socket permissions.

* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
---
 agent/gpg-agent.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'agent')

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 538ff0874..90b0eaf35 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1865,6 +1865,10 @@ create_server_socket (char *name, int primary, int cygwin,
       agent_exit (2);
     }
 
+  if (gnupg_chmod (unaddr->sun_path, "-rwx"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               unaddr->sun_path, strerror (errno));
+
   if (listen (FD2INT(fd), 5 ) == -1)
     {
       log_error (_("listen() failed: %s\n"), strerror (errno));
-- 
cgit v1.2.3