[people/pmueller/ipfire-2.x.git] / src / patches / openswan-1.0.1-plutoctl.patch

diff -ruN openswan-1.0.1.bak/pluto/server.c openswan-1.0.1/pluto/server.c
--- openswan-1.0.1.bak/pluto/server.c	2003-11-17 00:32:11.000000000 +0100
+++ openswan-1.0.1/pluto/server.c	2004-03-12 14:58:00.000000000 +0100
@@ -98,12 +98,13 @@
     else
     {
 	/* to keep control socket secure, use umask */
-	mode_t ou = umask(~S_IRWXU);
+	mode_t ou = umask(~(S_IRWXU | S_IRWXG));
 
 	if (bind(ctl_fd, (struct sockaddr *)&ctl_addr
 	, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
 	    failed = "bind";
 	umask(ou);
+	chown(ctl_addr.sun_path, 0, 99);
     }
 
     /* 5 is a haphazardly chosen limit for the backlog.
Commit	Line	Data
cd1a2927 MT	1	diff -ruN openswan-1.0.1.bak/pluto/server.c openswan-1.0.1/pluto/server.c
	2	--- openswan-1.0.1.bak/pluto/server.c 2003-11-17 00:32:11.000000000 +0100
	3	+++ openswan-1.0.1/pluto/server.c 2004-03-12 14:58:00.000000000 +0100
	4	@@ -98,12 +98,13 @@
	5	else
	6	{
	7	/* to keep control socket secure, use umask */
	8	- mode_t ou = umask(~S_IRWXU);
	9	+ mode_t ou = umask(~(S_IRWXU \| S_IRWXG));
	10
	11	if (bind(ctl_fd, (struct sockaddr *)&ctl_addr
	12	, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
	13	failed = "bind";
	14	umask(ou);
	15	+ chown(ctl_addr.sun_path, 0, 99);
	16	}
	17
	18	/* 5 is a haphazardly chosen limit for the backlog.