From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 27 Sep 2022 12:32:35 +0000 (+0200)
Subject: resolved: paranoia: restrict socket mode as much as we can
X-Git-Tag: v252-rc1~69
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1aefb25f37fbfb42c2e229d245e22735b897db6e;p=thirdparty%2Fsystemd.git

resolved: paranoia: restrict socket mode as much as we can
---

diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c
index 75628f054c7..4d56e6b018f 100644
--- a/src/resolve/resolved-varlink.c
+++ b/src/resolve/resolved-varlink.c
@@ -582,7 +582,7 @@ static int varlink_notification_server_init(Manager *m) {
         if (r < 0)
                 return log_error_errno(r, "Failed to register varlink disconnect handler: %m");
 
-        r = varlink_server_listen_address(server, "/run/systemd/resolve/io.systemd.Resolve.Monitor", 0660);
+        r = varlink_server_listen_address(server, "/run/systemd/resolve/io.systemd.Resolve.Monitor", 0600);
         if (r < 0)
                 return log_error_errno(r, "Failed to bind to varlink socket: %m");