diff rlgwebd @ 208:f06f2d1a5035
Fix possibly insecure permissions on the control socket.
The server's control socket is now in a private directory.
author | John "Elwin" Edwards |
---|---|
date | Sat, 28 Jan 2017 09:57:31 -0500 |
parents | 04c2a895b679 |
children | b04313038a0b |
--- a/rlgwebd Fri Jan 27 19:18:31 2017 -0500
+++ b/rlgwebd Sat Jan 28 09:57:31 2017 -0500
@@ -15,7 +15,7 @@
 /* Default options */
 var rlgwebd_options = {
- control_socket: "/var/run/rlgwebd.sock",
+ control_socket: "/var/run/rlgwebd/rlgwebd.sock",
 port: 8080,
 chrootDir: "/var/dgl/",
 username: "rodney",
@@ -1266,6 +1266,21 @@
 tls_options.ca = read_or_die(rlgwebd_options.cafile, "CA file");
 };
+/* Make sure the socket directory is secure. */
+var socket_dir = path.dirname(rlgwebd_options.control_socket);
+try {
+ fs.mkdirSync(socket_dir, 0o700);
+}
+catch (err) {
+ if (err.code == "EEXIST") {
+ fs.chownSync(socket_dir, 0, 0);
+ fs.chmodSync(socket_dir, 0o700);
+ }
+ else {
+ throw err;
+ }
+}
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
 sock.on('data', consoleHandler);
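Review bot: In the `EEXIST` branch of the second hunk, `fs.chownSync` and `fs.chmodSync` are applied to whatever `path.dirname(rlgwebd_options.control_socket)` resolves to, with no check that it is a directory dedicated to the daemon. If the default can be overridden (the "Default options" comment suggests it can) and a configuration still carries the old value `/var/run/rlgwebd.sock`, `socket_dir` becomes `/var/run` and the daemon would set that shared directory to mode 0700. Both calls also follow symbolic links, so the existing entry is never confirmed to be a real directory. Failing closed is safer than repairing in place: `var st = fs.lstatSync(socket_dir);` followed by `if (!st.isDirectory() || st.uid !== 0 || (st.mode & 0o077)) throw new Error("insecure control socket directory: " + socket_dir);`. A one-line comment above the block stating that the directory must hold nothing but the socket would make the assumption visible to whoever edits the config.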