From e76e533a69be339fd91c2b452f0ac9cc6407851f Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Fri, 3 Jan 2020 20:21:39 +0100 Subject: [PATCH] LibCore: Stop making the RPC sockets go=rw Now that we can fchmod() on a pre-bind() socket, use that to lock down the RPC sockets we publish in all CEventLoop-driven programs. --- Libraries/LibCore/CLocalServer.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Libraries/LibCore/CLocalServer.cpp b/Libraries/LibCore/CLocalServer.cpp index ab20d5e299..81bca49fa8 100644 --- a/Libraries/LibCore/CLocalServer.cpp +++ b/Libraries/LibCore/CLocalServer.cpp @@ -84,6 +84,12 @@ bool CLocalServer::listen(const String& address) #endif ASSERT(m_fd >= 0); + rc = fchmod(m_fd, 0600); + if (rc < 0) { + perror("fchmod"); + ASSERT_NOT_REACHED(); + } + auto socket_address = CSocketAddress::local(address); auto un = socket_address.to_sockaddr_un(); rc = ::bind(m_fd, (const sockaddr*)&un, sizeof(un));