resolved: paranoia: restrict socket mode as much as we can

author Lennart Poettering <lennart@poettering.net>

Tue, 27 Sep 2022 12:32:35 +0000 (14:32 +0200)

committer Luca Boccassi <luca.boccassi@gmail.com>

Wed, 28 Sep 2022 23:42:14 +0000 (00:42 +0100)
author Lennart Poettering <lennart@poettering.net>
Tue, 27 Sep 2022 12:32:35 +0000 (14:32 +0200)
committer Luca Boccassi <luca.boccassi@gmail.com>
Wed, 28 Sep 2022 23:42:14 +0000 (00:42 +0100)
diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c

index 75628f054c7139ceeaba08b2f580ee5a7b642910..4d56e6b018f766d381b2c65a00ea5a10e6dd2f57 100644 (file)
--- a/src/resolve/resolved-varlink.c
+++ b/src/resolve/resolved-varlink.c
@@ -582,7 +582,7 @@ static int varlink_notification_server_init(Manager *m) {
          if (r < 0)
                  return log_error_errno(r, "Failed to register varlink disconnect handler: %m");
  
-        r = varlink_server_listen_address(server, "/run/systemd/resolve/io.systemd.Resolve.Monitor", 0660);
+        r = varlink_server_listen_address(server, "/run/systemd/resolve/io.systemd.Resolve.Monitor", 0600);
          if (r < 0)
                  return log_error_errno(r, "Failed to bind to varlink socket: %m");
author	Lennart Poettering <lennart@poettering.net>
	Tue, 27 Sep 2022 12:32:35 +0000 (14:32 +0200)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Wed, 28 Sep 2022 23:42:14 +0000 (00:42 +0100)