Reduce usock file permissions to 700.

No need to expose +rx permissions for group and others, since only owner (root) is supposed to be able to connect. According to unix(7) manpage +w is needed to connect to a unix socket. Signed-off-by: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de> Signed-off-by: Jiri Pirko <jiri@resnulli.us>
author: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de> 2015-09-09 14:20:30 +0200
committer: Jiri Pirko <jiri@resnulli.us> 2015-09-09 14:28:02 +0200
commit: 4a3e2e381f71e69cbd41156b482910d4c841befb (patch)
tree: f490c89b8b2c47b0eddaf5e226e476a5b9536b29
parent: fc98d32866a119baf93194c3b5bd42101996c04a (diff)
download: libteam-4a3e2e381f71e69cbd41156b482910d4c841befb.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/teamd/teamd_usock.c b/teamd/teamd_usock.c
index 1fd3b66..967f68c 100644
--- a/teamd/teamd_usock.c
+++ b/teamd/teamd_usock.c
@@ -308,6 +308,13 @@ static int teamd_usock_sock_open(struct teamd_context *ctx)
 		return -errno;
 	}
 
+	err = fchmod(sock, 0700);
+	if (err == -1) {
+		teamd_log_err("usock: Failed to change socket permissions.");
+		err = -errno;
+		goto close_sock;
+	}
+
 	addr.sun_family = AF_UNIX;
 	teamd_usock_get_sockpath(addr.sun_path, sizeof(addr.sun_path),
 				 ctx->team_devname);
author	Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>	2015-09-09 14:20:30 +0200
committer	Jiri Pirko <jiri@resnulli.us>	2015-09-09 14:28:02 +0200
commit	4a3e2e381f71e69cbd41156b482910d4c841befb (patch)
tree	f490c89b8b2c47b0eddaf5e226e476a5b9536b29
parent	fc98d32866a119baf93194c3b5bd42101996c04a (diff)
download	libteam-4a3e2e381f71e69cbd41156b482910d4c841befb.tar.gz