security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Explicitly restrict socket permissions.

Browse source 
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
This commit is contained in:
Werner Koch 2016-06-08 16:18:02 +02:00
parent 6790115fd9
commit 8127043d54
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 13 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
dirmngr/dirmngr.c
View file

@ -1183,6 +1183,10 @@ main (int argc, char **argv)
}
cleanup_socket = 1;
if (gnupg_chmod (serv_addr.sun_path, "-rwx"))
log_error (_("can't set permissions of '%s': %s\n"),
serv_addr.sun_path, strerror (errno));
if (listen (FD2INT (fd), 5) == -1)
{
log_error (_("listen() failed: %s\n"), strerror (errno));