
Set unix socket permission prior to bind

Open chipsenkbeil opened this issue 3 years ago • 2 comments

Tokio tracking issue: https://github.com/tokio-rs/tokio/issues/4422

Example of how to do this with libc and socket2: https://github.com/stackabletech/secret-operator/pull/26/files

Neither tokio nor the std library supports this, which leaves a temporary moment where the socket is world-accessible. By default, we want the permission to be 0o600 (only owner readable and writeable) with the option to configure as 0o666 (anyone can read and write) for looser access.

chipsenkbeil commented Jul 19 '22 13:07

```rust
use std::os::unix::io::AsRawFd;
use std::path::Path;

use socket2::Socket;
use tokio::net::UnixListener;

fn bind_unix_listener(path: &Path) -> std::io::Result<UnixListener> {
    // Workaround for https://github.com/tokio-rs/tokio/issues/4422
    let socket = Socket::new(socket2::Domain::UNIX, socket2::Type::STREAM, None)?;
    unsafe {
        // Socket-level chmod is propagated to the file created by Socket::bind.
        // We need to chmod /before/ creating the file, because otherwise there is a brief window where
        // the file is world-accessible (unless restricted by the global umask).
        if libc::fchmod(socket.as_raw_fd(), 0o600) == -1 {
            return Err(std::io::Error::last_os_error());
        }
    }
    socket.bind(&socket2::SockAddr::unix(path)?)?;
    socket.listen(1024)?;
    // tokio's UnixListener::from_std expects the std listener to already be non-blocking.
    socket.set_nonblocking(true)?;
    UnixListener::from_std(socket.into())
}
```

chipsenkbeil commented Jul 24 '22 16:07
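A std-only variant of the same fchmod-before-bind ordering, added here as an example and not code from the issue, tokio or the linked PR: it declares the few libc calls it needs directly (Linux x86_64 sockaddr_un layout and constants are assumed), takes the mode as a parameter so 0o600 or 0o666 can be chosen, and exposes a check that reads back the bits actually present on the socket node (the process umask still masks the requested mode, as the comment above notes).

```rust
use std::io;
use std::os::raw::{c_char, c_int, c_uint};
use std::os::unix::ffi::OsStrExt;
use std::os::unix::fs::PermissionsExt;
use std::os::unix::io::FromRawFd;
use std::os::unix::net::UnixListener;
use std::path::Path;
// Linux x86_64 ABI assumed (sockaddr_un layout, constants, mode_t = u32); std already links libc.
#[repr(C)]
struct SockAddrUn { sun_family: u16, sun_path: [c_char; 108] }
extern "C" {
    fn socket(domain: c_int, ty: c_int, proto: c_int) -> c_int;
    fn fchmod(fd: c_int, mode: c_uint) -> c_int;
    fn bind(fd: c_int, addr: *const SockAddrUn, len: c_uint) -> c_int;
    fn listen(fd: c_int, backlog: c_int) -> c_int;
    fn close(fd: c_int) -> c_int;
}
const AF_UNIX: c_int = 1;
const SOCK_STREAM: c_int = 1;
const SOCK_CLOEXEC: c_int = 0o2000000;
/// Bind a listening Unix socket whose filesystem node carries `mode` (0o600 or 0o666)
/// from the instant bind() creates it. The process umask is still applied to `mode`.
pub fn bind_with_mode(path: &Path, mode: u32) -> io::Result<UnixListener> {
    let bytes = path.as_os_str().as_bytes();
    if bytes.len() >= 108 {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "socket path too long"));
    }
    let mut addr = SockAddrUn { sun_family: AF_UNIX as u16, sun_path: [0; 108] };
    for (dst, &b) in addr.sun_path.iter_mut().zip(bytes) {
        *dst = b as c_char;
    }
    let len = (2 + bytes.len() + 1) as c_uint; // sun_family + path + NUL
    // SAFETY: raw syscalls on a descriptor this function owns; every failure path closes it.
    unsafe {
        let fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
        if fd < 0 { return Err(io::Error::last_os_error()); }
        // Order is the whole point: fchmod on the still-unbound socket sets the mode that
        // bind() copies onto the new node, so the node never exists with wider bits.
        if fchmod(fd, mode) < 0 || bind(fd, &addr, len) < 0 || listen(fd, 128) < 0 {
            let err = io::Error::last_os_error();
            close(fd);
            return Err(err);
        }
        Ok(UnixListener::from_raw_fd(fd))
    }
}
/// Verification: the permission bits actually present on the socket node after binding.
pub fn socket_mode(path: &Path) -> io::Result<u32> {
    Ok(std::fs::metadata(path)?.permissions().mode() & 0o777)
}
```

Dropping the returned listener does not unlink the node, so remove the path yourself on shutdown.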