Move server socket to subdirectory and drop world read/execute perrmissions #23
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…er /run The rationale here is that QT has no methods to run chown on some files but we do not want the socket being world readable. So instead of writing lenghty C++-code using chown, we simply move the socket file into a subdir which we can put our preferred permissions on during startup of the daemon. Signed-off-by: Lars Wendler <[email protected]>
This file can be used by opentmpfiles or systemd-tmpfiles to make sure the /run/radeon-profile-daemon directory exists with the correct ownership and permissions, effectively making the socket no longer world writeable. Signed-off-by: Stijn Tintel <[email protected]>
In Linux, UNIX sockets honor the permissions of the directory they are in. Now that the UNIX socket was moved to its own subdirectory in /run, which is not accessible by other, the socket is no longer world writeable. However, this is not enough to make the socket writeable by the group that owns the subdirectory. Make the socket group writeable. This way, it will be writeable by the group owning the directory the socket is in. Closes #18 Signed-off-by: Stijn Tintel <[email protected]>
|
Ping @marazmista |
Oxalin
approved these changes
Jan 20, 2023
|
Since the development seems to have stalled, I applied it to my fork. Thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See individual commit messages for explanation. Fixes #18.