comparison rlgwebd @ 208:f06f2d1a5035
Fix possibly insecure permissions on the control socket.
The server's control socket is now in a private directory.
author | John "Elwin" Edwards |
---|---|
date | Sat, 28 Jan 2017 09:57:31 -0500 |
parents | 04c2a895b679 |
children | b04313038a0b |
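--- a/rlgwebd
+++ b/rlgwebd
@@ -13,11 +13,11 @@
 var pty = require("pty.js");
 var WebSocketServer = require("websocket").server;
 
 /* Default options */
 var rlgwebd_options = {
-control_socket: "/var/run/rlgwebd.sock",
+control_socket: "/var/run/rlgwebd/rlgwebd.sock",
 port: 8080,
 chrootDir: "/var/dgl/",
 username: "rodney",
 static_root: "/var/www/"
 };
@@ -1264,10 +1264,25 @@
 tls_options.cert = read_or_die(rlgwebd_options.certfile, "Certfile");
 if ("cafile" in rlgwebd_options)
 tls_options.ca = read_or_die(rlgwebd_options.cafile, "CA file");
 };
 
+/* Make sure the socket directory is secure. */
+var socket_dir = path.dirname(rlgwebd_options.control_socket);
+try {
+fs.mkdirSync(socket_dir, 0o700);
+}
+catch (err) {
+if (err.code == "EEXIST") {
+fs.chownSync(socket_dir, 0, 0);
+fs.chmodSync(socket_dir, 0o700);
+}
+else {
+throw err;
+}
+}
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
 sock.on('data', consoleHandler);
 });
 ctlServer.listen(rlgwebd_options.control_socket, function () {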
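Review bot: In the second hunk, the `EEXIST` branch runs `fs.chownSync(socket_dir, 0, 0)` and `fs.chmodSync(socket_dir, 0o700)` on whatever `path.dirname(rlgwebd_options.control_socket)` resolves to, without checking what that path is. If a deployment still sets `control_socket` to the previous default `/var/run/rlgwebd.sock` (assuming the defaults can be overridden by a config file, which is not visible here), the directory being locked down would be `/var/run` itself; both calls also follow symlinks, and entries already present in a pre-existing directory are left in place. Consider verifying rather than mutating: `var st = fs.lstatSync(socket_dir);` followed by `if (!st.isDirectory() || st.uid !== 0 || (st.mode & 0o077) !== 0) throw new Error("Insecure control socket directory: " + socket_dir);`. The `ctlServer.listen` callback continues past the end of the hunk, so the mode of the socket file itself cannot be assessed from here.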