You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 23, 2017. It is now read-only.
Safe, but (seems?) undocumented way in Linux -- is to call os.fchmod(socket.fileno()) BEFORE bind() + set umask to proper value. Since umask is not thread safe (affect all threads) that action should be done in fork()...
Portable way -- is to call os.chmod(path) after binding. But this will leave socket with wrong permissions during small amount of time.
Socket write permissions are required in order unprivileged process to connect to it.
The text was updated successfully, but these errors were encountered:
@socketpair Do you have any suggestion on this? Changing the socket permission from outside can make it works but just temporarily, as long as the application is restarted the permission is lost and process like nginx (with www-data user) cannot connect anymore.
I do not understand what you mean as "outside". Anyway, too broad permission is a security bug. If appliation is restarted, UNIX-socket is recreated (re-bound) and this code will fire again.
Unfortunatelly this is not so easy.
os.fchmod(socket.fileno())
BEFOREbind()
+ setumask
to proper value. Since umask is not thread safe (affect all threads) that action should be done infork()
...os.chmod(path)
after binding. But this will leave socket with wrong permissions during small amount of time.Socket write permissions are required in order unprivileged process to connect to it.
The text was updated successfully, but these errors were encountered: