[core] set socket perms after bind, before listen
(it is still recommended to create sockets in protected directories) x-ref: "Feature request: add server config for setting permissions on Unix domain socket" https://redmine.lighttpd.net/issues/656personal/stbuehler/mod-csrf
parent
3c8afd194c
commit
19d2190a4f
|
@ -271,11 +271,6 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
|
|||
goto error_free_socket;
|
||||
}
|
||||
|
||||
if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
|
||||
goto error_free_socket;
|
||||
}
|
||||
|
||||
if (srv_socket->addr.plain.sa_family == AF_UNIX && !buffer_string_is_empty(s->socket_perms)) {
|
||||
mode_t m = 0;
|
||||
for (char *str = s->socket_perms->ptr; *str; ++str) {
|
||||
|
@ -287,6 +282,11 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
|
|||
}
|
||||
}
|
||||
|
||||
if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
|
||||
goto error_free_socket;
|
||||
}
|
||||
|
||||
if (s->ssl_enabled) {
|
||||
#ifdef TCP_DEFER_ACCEPT
|
||||
} else if (s->defer_accept) {
|
||||
|
|
Loading…
Reference in New Issue