gti2d: Set umask to 0077 to secure the UNIX domain socket

author: Runxi Yu <me@runxiyu.org> 2025-04-03 11:35:18 +0800
committer: Runxi Yu <me@runxiyu.org> 2025-04-03 11:35:18 +0800
commit: ddc0c935a124805709387ba3c30065344c956d41 (patch)
tree: 863f6626433e181006009a8c51ddbfb08321de5e /git2d/main.c
parent: git2d: Slight cleanup; print error integers to connection for now (diff)
download: forge-ddc0c935a124805709387ba3c30065344c956d41.tar.gz
forge-ddc0c935a124805709387ba3c30065344c956d41.tar.zst
forge-ddc0c935a124805709387ba3c30065344c956d41.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/git2d/main.c b/git2d/main.c
index 3f253c7..345f66d 100644
--- a/git2d/main.c
+++ b/git2d/main.c
@@ -8,6 +8,7 @@
 #include <git2.h>
 #include <pthread.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/un.h>
 #include <stdio.h>
@@ -135,6 +136,8 @@ main(int argc, char **argv)
 	addr.sun_family = AF_UNIX;
 	strcpy(addr.sun_path, argv[1]);
 
+	umask(0077);
+
 	if (bind(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_un))) {
 		if (errno == EADDRINUSE) {
 			unlink(argv[1]);
author	Runxi Yu <me@runxiyu.org>	2025-04-03 11:35:18 +0800
committer	Runxi Yu <me@runxiyu.org>	2025-04-03 11:35:18 +0800
commit	ddc0c935a124805709387ba3c30065344c956d41 (patch)
tree	863f6626433e181006009a8c51ddbfb08321de5e /git2d/main.c
parent	git2d: Slight cleanup; print error integers to connection for now (diff)
download	forge-ddc0c935a124805709387ba3c30065344c956d41.tar.gz forge-ddc0c935a124805709387ba3c30065344c956d41.tar.zst forge-ddc0c935a124805709387ba3c30065344c956d41.zip