vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

conmon: Make console socket mode 0700

Browse source 
It doesn't make sense for other users to connect to this, so
lets make sure of this.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
This commit is contained in:
Alexander Larsson 2017-06-02 15:31:43 +02:00
parent f1b0f542e1
commit f4b3e90141
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
conmon/conmon.c
View file

@ -14,6 +14,7 @@
#include <sys/un.h> #include <sys/un.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/eventfd.h> #include <sys/eventfd.h>
#include <sys/stat.h>
#include <syslog.h> #include <syslog.h>
#include <unistd.h> #include <unistd.h>
@ -549,6 +550,8 @@ int main(int argc, char *argv[])
csfd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); csfd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
if (csfd < 0) if (csfd < 0)
pexit("Failed to create console-socket"); pexit("Failed to create console-socket");
if (fchmod(csfd, 0700))
pexit("Failed to change console-socket permissions");
/* XXX: This should be handled with a rename(2). */ /* XXX: This should be handled with a rename(2). */
if (unlink(csname) < 0) if (unlink(csname) < 0)
pexit("Failed to unlink temporary ranom path"); pexit("Failed to unlink temporary ranom path");