Infoleak ifnames and be more permissive

Listing interfaces is already permitted by the OS, so we allow this info
leak too.

diff --git a/uapi_bsd.go b/uapi_bsd.go
index b2a7644833de8cda8f9daebf3dbde39608bca8da..bb16d2cd2dadd116398ead7ead926fc0c489eae8 100644 (file)
--- a/uapi_bsd.go
+++ b/uapi_bsd.go
@@ -150,7 +150,7 @@ func UAPIOpen(name string) (*os.File, error) {
 
        // check if path exist
 
-       err := os.MkdirAll(socketDirectory, 0700)
+       err := os.MkdirAll(socketDirectory, 0755)
        if err != nil && !os.IsExist(err) {
                return nil, err
        }
@@ -167,6 +167,7 @@ func UAPIOpen(name string) (*os.File, error) {
                return nil, err
        }
 
+       oldUmask := unix.Umask(0077)
        listener, err := func() (*net.UnixListener, error) {
 
                // initial connection attempt
@@ -191,6 +192,7 @@ func UAPIOpen(name string) (*os.File, error) {
                }
                return net.ListenUnix("unix", addr)
        }()
+       unix.Umask(oldUmask)
 
        if err != nil {
                return nil, err

diff --git a/uapi_linux.go b/uapi_linux.go
index 5e866287452a92354e4ad24fd88f3b754ac1ae22..4b745871e0d54ddef6842fa7073443dd7904e509 100644 (file)
--- a/uapi_linux.go
+++ b/uapi_linux.go
@@ -147,7 +147,7 @@ func UAPIOpen(name string) (*os.File, error) {
 
        // check if path exist
 
-       err := os.MkdirAll(socketDirectory, 0700)
+       err := os.MkdirAll(socketDirectory, 0755)
        if err != nil && !os.IsExist(err) {
                return nil, err
        }
@@ -164,6 +164,7 @@ func UAPIOpen(name string) (*os.File, error) {
                return nil, err
        }
 
+       oldUmask := unix.Umask(0077)
        listener, err := func() (*net.UnixListener, error) {
 
                // initial connection attempt
@@ -188,6 +189,7 @@ func UAPIOpen(name string) (*os.File, error) {
                }
                return net.ListenUnix("unix", addr)
        }()
+       unix.Umask(oldUmask)
 
        if err != nil {
                return nil, err