From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 15 Jan 2026 14:14:32 +0000 (+0100)
Subject: stream-service-unix: Remove unnecessary execute permission from sockets
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8d8277ae07608c50793ed784c72662cc1d45740;p=thirdparty%2Fstrongswan.git

stream-service-unix: Remove unnecessary execute permission from sockets

References strongswan/strongswan#2983
---

diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c
index 43c05e376f..c1d8f57c82 100644
--- a/src/libstrongswan/networking/streams/stream_service_unix.c
+++ b/src/libstrongswan/networking/streams/stream_service_unix.c
@@ -52,7 +52,7 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
 	}
 	unlink(addr.sun_path);
 
-	old = umask(S_IRWXO);
+	old = umask(S_IXUSR | S_IXGRP | S_IRWXO);
 	if (bind(fd, (struct sockaddr*)&addr, len) < 0)
 	{
 		DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno));