nspawn: lock down access to notify socket a bit

On Linux only the "w" access bit is necessary to connect to an AF_UNIX
socket, hence let's only set that and nothing else, to limit exposure.

Just paranoia.
This commit is contained in:
Lennart Poettering
2024-01-05 16:41:24 +01:00
committed by Yu Watanabe
parent d7942fe5fc
commit 6db53d20f5


@@ -3593,9 +3593,11 @@ static int setup_notify_child(void) {
(void) mkdir_parents(NSPAWN_NOTIFY_SOCKET_PATH, 0755);
(void) sockaddr_un_unlink(&sa.un);
r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
if (r < 0)
return log_error_errno(errno, "bind(" NSPAWN_NOTIFY_SOCKET_PATH ") failed: %m");
WITH_UMASK(0577) { /* only set "w" bit, which is all that's necessary for connecting from the container */
r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
if (r < 0)
return log_error_errno(errno, "bind(" NSPAWN_NOTIFY_SOCKET_PATH ") failed: %m");
}
r = userns_lchown(NSPAWN_NOTIFY_SOCKET_PATH, 0, 0);
if (r < 0)