Explicitly restrict socket permissions.

* agent/gpg-agent.c (create_server_socket): Call chmod before listen. * scd/scdaemon.c (create_server_socket): Ditto. * dirmngr/dirmngr.c (main): Ditto. -- This is just in case of a improperly set umask. Note that a connect requires a write permissions.
author: Werner Koch <[email protected]> 2016-06-08 14:18:02 +0000
committer: Werner Koch <[email protected]> 2016-06-08 14:18:02 +0000
commit: 8127043d549a5843ea1ba2dc6da4906fc2258d53 (patch)
tree: c6b126885f2d3b1ee15b9e53009ec75f5cf86cf8 /dirmngr/dirmngr.c
parent: w32: Fix recent build regression. (diff)
download: gnupg-8127043d549a5843ea1ba2dc6da4906fc2258d53.tar.gz
gnupg-8127043d549a5843ea1ba2dc6da4906fc2258d53.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index bc71a4072..7e629db96 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1183,6 +1183,10 @@ main (int argc, char **argv)
         }
       cleanup_socket = 1;
 
+      if (gnupg_chmod (serv_addr.sun_path, "-rwx"))
+        log_error (_("can't set permissions of '%s': %s\n"),
+                   serv_addr.sun_path, strerror (errno));
+
       if (listen (FD2INT (fd), 5) == -1)
         {
           log_error (_("listen() failed: %s\n"), strerror (errno));
author	Werner Koch <[email protected]>	2016-06-08 14:18:02 +0000
committer	Werner Koch <[email protected]>	2016-06-08 14:18:02 +0000
commit	8127043d549a5843ea1ba2dc6da4906fc2258d53 (patch)
tree	c6b126885f2d3b1ee15b9e53009ec75f5cf86cf8 /dirmngr/dirmngr.c
parent	w32: Fix recent build regression. (diff)
download	gnupg-8127043d549a5843ea1ba2dc6da4906fc2258d53.tar.gz gnupg-8127043d549a5843ea1ba2dc6da4906fc2258d53.zip