[core] set socket perms after bind, before listen

(it is still recommended to create sockets in protected directories)

x-ref:
  "Feature request: add server config for setting permissions on Unix domain socket"
  https://redmine.lighttpd.net/issues/656
personal/stbuehler/mod-csrf
Glenn Strauss 2017-08-03 00:37:43 -04:00
parent 3c8afd194c
commit 19d2190a4f
1 changed files with 5 additions and 5 deletions

View File

@ -271,11 +271,6 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
goto error_free_socket;
}
if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
goto error_free_socket;
}
if (srv_socket->addr.plain.sa_family == AF_UNIX && !buffer_string_is_empty(s->socket_perms)) {
mode_t m = 0;
for (char *str = s->socket_perms->ptr; *str; ++str) {
@ -287,6 +282,11 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
}
}
if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
goto error_free_socket;
}
if (s->ssl_enabled) {
#ifdef TCP_DEFER_ACCEPT
} else if (s->defer_accept) {