Mercurial > hg > rlgwebd

diff rlgwebd @ 208:f06f2d1a5035

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix possibly insecure permissions on the control socket. The server's control socket is now in a private directory.
author John "Elwin" Edwards
date Sat, 28 Jan 2017 09:57:31 -0500
parents 04c2a895b679
children b04313038a0b
line wrap: on
line diff
--- a/rlgwebd	Fri Jan 27 19:18:31 2017 -0500
+++ b/rlgwebd	Sat Jan 28 09:57:31 2017 -0500
@@ -15,7 +15,7 @@
 
 /* Default options */
 var rlgwebd_options = { 
-  control_socket: "/var/run/rlgwebd.sock",
+  control_socket: "/var/run/rlgwebd/rlgwebd.sock",
   port: 8080,
   chrootDir: "/var/dgl/",
   username: "rodney",
@@ -1266,6 +1266,21 @@
     tls_options.ca = read_or_die(rlgwebd_options.cafile, "CA file");
 };
 
+/* Make sure the socket directory is secure. */
+var socket_dir = path.dirname(rlgwebd_options.control_socket);
+try {
+  fs.mkdirSync(socket_dir, 0o700);
+}
+catch (err) {
+  if (err.code == "EEXIST") {
+    fs.chownSync(socket_dir, 0, 0);
+    fs.chmodSync(socket_dir, 0o700);
+  }
+  else {
+    throw err;
+  }
+}
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
   sock.on('data', consoleHandler);