mirror of
https://github.com/checkpoint-restore/criu.git
synced 2026-07-17 16:47:50 +00:00
service: restrict socket permissions to 0600
Change the service socket permissions from 0666 (world-accessible) to 0600 (owner-only) to prevent unauthorized local users from connecting to the CRIU service socket. Print a message informing the administrator that the socket is restricted and that chmod should be used to widen access if needed. Assisted-by: Claude Code (claude-opus-4-6):claude-opus-4-6@default Generated with Claude Code (https://claude.ai/code) Signed-off-by: Adrian Reber <areber@redhat.com>
This commit is contained in:
parent
341c9fa7de
commit
339db9fd46
1 changed files with 6 additions and 2 deletions
|
|
@ -1534,12 +1534,16 @@ int cr_service(bool daemon_mode)
|
|||
|
||||
pr_info("The service socket is bound to %s\n", server_addr.sun_path);
|
||||
|
||||
/* change service socket permissions, so anyone can connect to it */
|
||||
if (chmod(server_addr.sun_path, 0666)) {
|
||||
/* restrict service socket permissions to owner only */
|
||||
if (chmod(server_addr.sun_path, 0600)) {
|
||||
pr_perror("Can't change permissions of the service socket");
|
||||
goto err;
|
||||
}
|
||||
|
||||
pr_msg("Service socket %s has permissions 0600. "
|
||||
"Use chmod to make it accessible to other users if needed.\n",
|
||||
server_addr.sun_path);
|
||||
|
||||
if (listen(server_fd, 16) == -1) {
|
||||
pr_perror("Can't listen for socket connections");
|
||||
goto err;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue