commit 775a262de21a8c381f4535ea697739450422223d parent fac95f737d3c967a1b49c95882174f65f6bd1b34 Author: Sean Enck <sean@ttypty.com> Date: Wed, 6 Oct 2021 18:16:10 -0400 check directory for being d700 Diffstat:
| M | internal/socket.go | | | 8 | ++++++++ |
1 file changed, 8 insertions(+), 0 deletions(-)
diff --git a/internal/socket.go b/internal/socket.go @@ -3,6 +3,7 @@ package internal import ( "bytes" "fmt" + "io/fs" "net" "os" "path/filepath" @@ -82,6 +83,13 @@ func SocketHandler(isHost bool) error { return err } } + stats, err := os.Stat(dir) + if err != nil { + return err + } + if stats.Mode() != fs.ModeDir|0700 { + return NewLockboxError("invalid permissions on lb socket directory, too open") + } if stock.PathExists(path) { if err := os.Remove(path); err != nil { return err