fixed setting unix socket permissions

first call fchmod() to prevent TOCTTOU, then apply permissions using
chmod()
1848 2018-08-14 22:53:19 +02:00
parent c46483a4ab
commit 4797357fa9
3 changed files with 13 additions and 3 deletions


@ -184,6 +184,13 @@ OneServerSocket::Open()
SOCK_STREAM, 0, SOCK_STREAM, 0,
address, 5); address, 5);
#ifdef HAVE_UN
/* allow everybody to connect */
if (!path.IsNull())
chmod(path.c_str(), 0666);
#endif
/* register in the EventLoop */ /* register in the EventLoop */
SetFD(_fd.Release()); SetFD(_fd.Release());
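Review bot: The return value of the added `chmod(path.c_str(), 0666)` is discarded, so a failure leaves the socket at the mode 0 set by `fchmod(fd.Get(), 0)` in socket_bind_listen() and clients cannot connect, with no diagnostic. The same applies to that `fchmod()` call, whose failure would silently skip the restriction this commit relies on. I would test the result, `if (!path.IsNull() && chmod(path.c_str(), 0666) < 0)`, and report errno the way the surrounding code reports other socket errors. Separately, chmod() resolves the path again after bind(), so if the socket lives in a directory that other users can write to, the mode may land on a different file than the one just bound; a comment stating that the socket directory must not be writable by untrusted users would make that assumption explicit. OneServerSocket::Open() starts and ends outside this hunk.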


@ -34,11 +34,10 @@ socket_bind_listen(int domain, int type, int protocol,
if (!fd.CreateNonBlock(domain, type, protocol)) if (!fd.CreateNonBlock(domain, type, protocol))
throw MakeSocketError("Failed to create socket"); throw MakeSocketError("Failed to create socket");
#ifdef HAVE_UN #ifdef HAVE_UN
if (domain == AF_UNIX) { if (domain == AF_UNIX) {
/* allow everybody to connect */ /* Prevent access until right permissions are set */
fchmod(fd.Get(), 0666); fchmod(fd.Get(), 0);
} }
#endif #endif
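Review bot: The new comment on `fchmod(fd.Get(), 0)` does not say why changing the mode of a not-yet-bound descriptor affects the socket file at all. It works only if bind() creates the node with the mode set on the descriptor, which as far as I know is Linux behaviour rather than a POSIX guarantee. I would extend the comment to `/* bind() creates the socket node with this mode (Linux); access stays closed until the caller chmod()s the path */`. Any other AF_UNIX caller of socket_bind_listen() that does not chmod afterwards now ends up with an unreachable socket; only OneServerSocket::Open() is visible in this commit, so the remaining callers are worth checking. The function body continues outside the hunk.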


@ -32,6 +32,10 @@ class SocketAddress;
/** /**
* Creates a socket listening on the specified address. This is a * Creates a socket listening on the specified address. This is a
* shortcut for socket(), bind() and listen(). * shortcut for socket(), bind() and listen().
* When a unix socket is created (domain == AF_UNIX), its
* permissions will be stripped down to prevent unauthorized
* access. The caller is responsible to apply proper permissions
* at a later point.
* *
* Throws #std::system_error on error. * Throws #std::system_error on error.
* *