[core] set socket perms after bind, before listen

(it is still recommended to create sockets in protected directories) x-ref: "Feature request: add server config for setting permissions on Unix domain socket" https://redmine.lighttpd.net/issues/656
5 years ago · 19d2190a4f
1 changed files with 5 additions and 5 deletions
--- a/src/network.c
+++ b/src/network.c
@ -271,11 +271,6 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
 		goto error_free_socket;
 	}

-	if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
-		log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
-		goto error_free_socket;
-	}
-
 	if (srv_socket->addr.plain.sa_family == AF_UNIX && !buffer_string_is_empty(s->socket_perms)) {
 		mode_t m = 0;
 		for (char *str = s->socket_perms->ptr; *str; ++str) {
@ -287,6 +282,11 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
 		}
 	}

+	if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
+		log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
+		goto error_free_socket;
+	}
+
 	if (s->ssl_enabled) {
 #ifdef TCP_DEFER_ACCEPT
 	} else if (s->defer_accept) {