From b968d4437509f9eb6378234f7409a20aa4b07fd7 Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Sun, 6 Jun 2021 18:03:57 +0200 Subject: [PATCH] Base: Make anon's helper services run with 600 socket permissions Some of these were using 660 permissions which meant that other users in the "users" group could connect to anon's service processes. Let's tighten things up by not allowing that. :^) --- Base/etc/SystemServer.ini | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Base/etc/SystemServer.ini b/Base/etc/SystemServer.ini index c062518617..163acb4572 100644 --- a/Base/etc/SystemServer.ini +++ b/Base/etc/SystemServer.ini @@ -1,6 +1,6 @@ [RequestServer] Socket=/tmp/portal/request -SocketPermissions=660 +SocketPermissions=600 Lazy=1 Priority=low User=anon @@ -10,7 +10,7 @@ AcceptSocketConnections=1 [WebContent] Socket=/tmp/portal/webcontent -SocketPermissions=660 +SocketPermissions=600 Lazy=1 User=anon BootModes=graphical @@ -19,7 +19,7 @@ AcceptSocketConnections=1 [ImageDecoder] Socket=/tmp/portal/image -SocketPermissions=660 +SocketPermissions=600 Lazy=1 User=anon BootModes=graphical @@ -28,7 +28,7 @@ AcceptSocketConnections=1 [WebSocket] Socket=/tmp/portal/websocket -SocketPermissions=660 +SocketPermissions=600 Lazy=1 Priority=low User=anon @@ -80,7 +80,7 @@ User=anon [Clipboard] Socket=/tmp/portal/clipboard -SocketPermissions=660 +SocketPermissions=600 Priority=low User=anon @@ -143,7 +143,7 @@ BootModes=text [CppLanguageServer] Socket=/tmp/portal/language/cpp -SocketPermissions=660 +SocketPermissions=600 Lazy=1 User=anon MultiInstance=1 @@ -151,7 +151,7 @@ AcceptSocketConnections=1 [ShellLanguageServer] Socket=/tmp/portal/language/shell -SocketPermissions=660 +SocketPermissions=600 Lazy=1 User=anon MultiInstance=1