From 8127043d549a5843ea1ba2dc6da4906fc2258d53 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 8 Jun 2016 16:18:02 +0200
Subject: Explicitly restrict socket permissions.

* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
---
 dirmngr/dirmngr.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'dirmngr/dirmngr.c')

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index bc71a4072..7e629db96 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1183,6 +1183,10 @@ main (int argc, char **argv)
         }
       cleanup_socket = 1;
 
+      if (gnupg_chmod (serv_addr.sun_path, "-rwx"))
+        log_error (_("can't set permissions of '%s': %s\n"),
+                   serv_addr.sun_path, strerror (errno));
+
       if (listen (FD2INT (fd), 5) == -1)
         {
           log_error (_("listen() failed: %s\n"), strerror (errno));
-- 
cgit v1.2.3