diff options
author | Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de> | 2015-09-09 14:20:30 +0200 |
---|---|---|
committer | Jiri Pirko <jiri@resnulli.us> | 2015-09-09 14:28:02 +0200 |
commit | 4a3e2e381f71e69cbd41156b482910d4c841befb (patch) | |
tree | f490c89b8b2c47b0eddaf5e226e476a5b9536b29 | |
parent | fc98d32866a119baf93194c3b5bd42101996c04a (diff) | |
download | libteam-4a3e2e381f71e69cbd41156b482910d4c841befb.tar.gz |
Reduce usock file permissions to 700.
No need to expose +rx permissions for group and others,
since only owner (root) is supposed to be able to connect.
According to unix(7) manpage +w is needed to connect to a
unix socket.
Signed-off-by: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
-rw-r--r-- | teamd/teamd_usock.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/teamd/teamd_usock.c b/teamd/teamd_usock.c index 1fd3b66..967f68c 100644 --- a/teamd/teamd_usock.c +++ b/teamd/teamd_usock.c @@ -308,6 +308,13 @@ static int teamd_usock_sock_open(struct teamd_context *ctx) return -errno; } + err = fchmod(sock, 0700); + if (err == -1) { + teamd_log_err("usock: Failed to change socket permissions."); + err = -errno; + goto close_sock; + } + addr.sun_family = AF_UNIX; teamd_usock_get_sockpath(addr.sun_path, sizeof(addr.sun_path), ctx->team_devname); |