fdo-mirrors/libei
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libinput/libei.git synced 2026-05-15 01:08:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

eis: restrict our socket to owner-only

Browse source 
Depending on the umask our socket may be group/world-accessible, let's
not do that because if the current state of the world tells us anything
it is that we can't trust it.

Assisted-by: Claude:claude-opus-4-6
Part-of: <https://gitlab.freedesktop.org/libinput/libei/-/merge_requests/388>
This commit is contained in:
Peter Hutterer 2026-04-17 18:55:43 +10:00 committed by Marge Bot
parent 2b9b001db9
commit c352f16b4a
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/libeis-socket.c
View file

@ -181,6 +181,10 @@ eis_setup_backend_socket(struct eis *eis, const char *socketpath)
if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
return -errno;
/* Restrict socket to owner-only access regardless of umask */
if (fchmod(sockfd, S_IRUSR | S_IWUSR) == -1)
return -errno;
if (listen(sockfd, 2) == -1)
return -errno;