1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Explicitly restrict socket permissions.

* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
This commit is contained in:
Werner Koch 2016-06-08 16:18:02 +02:00
parent 6790115fd9
commit 8127043d54
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 13 additions and 1 deletions

View File

@ -1865,6 +1865,10 @@ create_server_socket (char *name, int primary, int cygwin,
agent_exit (2);
}
if (gnupg_chmod (unaddr->sun_path, "-rwx"))
log_error (_("can't set permissions of '%s': %s\n"),
unaddr->sun_path, strerror (errno));
if (listen (FD2INT(fd), 5 ) == -1)
{
log_error (_("listen() failed: %s\n"), strerror (errno));

View File

@ -628,7 +628,7 @@ gnupg_mkdir (const char *name, const char *modestr)
}
/* A wrapper around mkdir which takes a string for the mode argument.
/* A wrapper around chmod which takes a string for the mode argument.
This makes it easier to handle the mode argument which is not
defined on all systems. The format of the modestring is the same
as for gnupg_mkdir. */

View File

@ -1183,6 +1183,10 @@ main (int argc, char **argv)
}
cleanup_socket = 1;
if (gnupg_chmod (serv_addr.sun_path, "-rwx"))
log_error (_("can't set permissions of '%s': %s\n"),
serv_addr.sun_path, strerror (errno));
if (listen (FD2INT (fd), 5) == -1)
{
log_error (_("listen() failed: %s\n"), strerror (errno));

View File

@ -1112,6 +1112,10 @@ create_server_socket (const char *name, char **r_redir_name,
scd_exit (2);
}
if (gnupg_chmod (unaddr->sun_path, "-rwx"))
log_error (_("can't set permissions of '%s': %s\n"),
unaddr->sun_path, strerror (errno));
if (listen (FD2INT(fd), 5 ) == -1)
{
log_error (_("listen() failed: %s\n"),