src/patches/openswan-1.0.1-plutoctl.patch

   1 diff -ruN openswan-1.0.1.bak/pluto/server.c openswan-1.0.1/pluto/server.c
   2 --- openswan-1.0.1.bak/pluto/server.c   2003-11-17 00:32:11.000000000 +0100
   3 +++ openswan-1.0.1/pluto/server.c       2004-03-12 14:58:00.000000000 +0100
   4 @@ -98,12 +98,13 @@
   5      else
   6      {
   7         /* to keep control socket secure, use umask */
   8 -       mode_t ou = umask(~S_IRWXU);
   9 +       mode_t ou = umask(~(S_IRWXU | S_IRWXG));
  10
  11         if (bind(ctl_fd, (struct sockaddr *)&ctl_addr
  12         , offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
  13             failed = "bind";
  14         umask(ou);
  15 +       chown(ctl_addr.sun_path, 0, 99);
  16      }
  17
  18      /* 5 is a haphazardly chosen limit for the backlog.