mirror of git://git.gnupg.org/gnupg.git
Explicitly restrict socket permissions.
* agent/gpg-agent.c (create_server_socket): Call chmod before listen. * scd/scdaemon.c (create_server_socket): Ditto. * dirmngr/dirmngr.c (main): Ditto. -- This is just in case of an improperly set umask. Note that a connect requires write permission.
parent
6790115fd9
commit
8127043d54
|
@ -1865,6 +1865,10 @@ create_server_socket (char *name, int primary, int cygwin,
|
||||||
agent_exit (2);
|
agent_exit (2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (gnupg_chmod (unaddr->sun_path, "-rwx"))
|
||||||
|
log_error (_("can't set permissions of '%s': %s\n"),
|
||||||
|
unaddr->sun_path, strerror (errno));
|
||||||
|
|
||||||
if (listen (FD2INT(fd), 5 ) == -1)
|
if (listen (FD2INT(fd), 5 ) == -1)
|
||||||
{
|
{
|
||||||
log_error (_("listen() failed: %s\n"), strerror (errno));
|
log_error (_("listen() failed: %s\n"), strerror (errno));
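Review bot: A failed `gnupg_chmod` in this hunk is only logged, and `create_server_socket` then goes on to `listen()`, so in the bad-umask case the commit message describes the agent would still accept connections on a socket whose mode was never tightened. The error path just above ends in `agent_exit (2);`, so I would brace the body and follow the `log_error` with the same `agent_exit (2);`. If continuing is intended, a comment should say what else protects the socket, for example an owner-only socket directory, which is not visible here. The same log-and-continue pattern is in the dirmngr `main` hunk and the scdaemon `create_server_socket` hunk. The function body starts and ends outside this hunk.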
|
||||||
|
|
|
@ -628,7 +628,7 @@ gnupg_mkdir (const char *name, const char *modestr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* A wrapper around mkdir which takes a string for the mode argument.
|
/* A wrapper around chmod which takes a string for the mode argument.
|
||||||
This makes it easier to handle the mode argument which is not
|
This makes it easier to handle the mode argument which is not
|
||||||
defined on all systems. The format of the modestring is the same
|
defined on all systems. The format of the modestring is the same
|
||||||
as for gnupg_mkdir. */
|
as for gnupg_mkdir. */
|
||||||
|
|
|
@ -1183,6 +1183,10 @@ main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
cleanup_socket = 1;
|
cleanup_socket = 1;
|
||||||
|
|
||||||
|
if (gnupg_chmod (serv_addr.sun_path, "-rwx"))
|
||||||
|
log_error (_("can't set permissions of '%s': %s\n"),
|
||||||
|
serv_addr.sun_path, strerror (errno));
|
||||||
|
|
||||||
if (listen (FD2INT (fd), 5) == -1)
|
if (listen (FD2INT (fd), 5) == -1)
|
||||||
{
|
{
|
||||||
log_error (_("listen() failed: %s\n"), strerror (errno));
|
log_error (_("listen() failed: %s\n"), strerror (errno));
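Review bot: The added `gnupg_chmod` block has no comment, yet both its position and its mode string matter for the hardening. The call has to stay ahead of `listen()` so that the socket never accepts a connection while it still has umask-derived permissions. The string `"-rwx"` presumably yields owner-only access in the gnupg_mkdir mode-string format. I would put `/* Restrict the socket to its owner before listen(); connect() needs write permission. */` above the `if`, here and in the two `create_server_socket` hunks, so a later reordering does not silently reopen the window. The body of `main` starts and ends outside this hunk.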
|
||||||
|
|
|
@ -1112,6 +1112,10 @@ create_server_socket (const char *name, char **r_redir_name,
|
||||||
scd_exit (2);
|
scd_exit (2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (gnupg_chmod (unaddr->sun_path, "-rwx"))
|
||||||
|
log_error (_("can't set permissions of '%s': %s\n"),
|
||||||
|
unaddr->sun_path, strerror (errno));
|
||||||
|
|
||||||
if (listen (FD2INT(fd), 5 ) == -1)
|
if (listen (FD2INT(fd), 5 ) == -1)
|
||||||
{
|
{
|
||||||
log_error (_("listen() failed: %s\n"),
|
log_error (_("listen() failed: %s\n"),
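Review bot: This is the third copy of the same chmod-and-log statement in this commit, differing only in the sockaddr variable, so the socket permission policy now lives in three daemons. A small shared helper next to `gnupg_chmod`, taking the socket path and returning the error, would keep the mode string and the failure handling in one place. That matters if the failure is later made fatal, since all three daemons would then change together. The body of `create_server_socket` starts and ends outside this hunk.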
|
||||||
|
|