From ddc0c935a124805709387ba3c30065344c956d41 Mon Sep 17 00:00:00 2001
From: Runxi Yu <me@runxiyu.org>
Date: Thu, 3 Apr 2025 11:35:18 +0800
Subject: gti2d: Set umask to 0077 to secure the UNIX domain socket

---
 git2d/main.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'git2d/main.c')

diff --git a/git2d/main.c b/git2d/main.c
index 3f253c7..345f66d 100644
--- a/git2d/main.c
+++ b/git2d/main.c
@@ -8,6 +8,7 @@
 #include <git2.h>
 #include <pthread.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/un.h>
 #include <stdio.h>
@@ -135,6 +136,8 @@ main(int argc, char **argv)
 	addr.sun_family = AF_UNIX;
 	strcpy(addr.sun_path, argv[1]);
 
+	umask(0077);
+
 	if (bind(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_un))) {
 		if (errno == EADDRINUSE) {
 			unlink(argv[1]);
-- 
cgit v1.2.3