[PATCH vd_agent_linux 01/10] vdagentd: Avoid calling chmod

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Frediano Ziglio <freddy77@xxxxxxxxx>

Create the socket with the right permissions using umask.
This also prevents possible symlink exploitation in case socket
path is not secure.

Signed-off-by: Frediano Ziglio <freddy77@xxxxxxxxx>
Acked-by: Uri Lublin <uril@xxxxxxxxxx>
---
 src/vdagentd/vdagentd.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index dca6980..a2b74bb 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -1208,7 +1208,9 @@ int main(int argc, char *argv[])
     /* systemd socket activation not enabled, create our own */
 #endif /* WITH_SYSTEMD_SOCKET_ACTIVATION */
     {
+        mode_t mode = umask(0111);
         udscs_server_listen_to_address(server, vdagentd_socket, &err);
+        umask(mode);
     }
 
     if (err) {
@@ -1219,16 +1221,6 @@ int main(int argc, char *argv[])
         return 1;
     }
 
-    /* no need to set permissions on a socket that was provided by systemd */
-    if (own_socket) {
-        if (chmod(vdagentd_socket, 0666)) {
-            syslog(LOG_CRIT, "Fatal could not change permissions on %s: %m",
-                   vdagentd_socket);
-            udscs_destroy_server(server);
-            return 1;
-        }
-    }
-
 #ifdef WITH_STATIC_UINPUT
     uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
                                     debug > 1, uinput_fake);
-- 
2.26.2

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel



[Index of Archives]     [Linux Virtualization]     [Linux Virtualization]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]