
Commit b74be3e

committed
Avoid group writability of the backdoor socket
1 parent 55542ae commit b74be3e


1 file changed

+1
-5
lines changed


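--- a/cms/io/service.py
+++ b/cms/io/service.py
@@ -268,11 +268,7 @@ def start_backdoor(self, backlog=50):
 socket.SOCK_STREAM)
 backdoor_sock.setblocking(0)
 backdoor_sock.bind(backdoor_path)
-user = pwd.getpwnam(config.cmsuser)
-# We would like to also set the user to "cmsuser" but only root
-# can do that. Therefore we limit ourselves to the group.
-os.chown(backdoor_path, os.getuid(), user.pw_gid)
-os.chmod(backdoor_path, 0o770)
+os.chmod(backdoor_path, 0o700)
 backdoor_sock.listen(backlog)
 self.backdoor = BackdoorServer(backdoor_sock, locals={'service': self})
 self.backdoor.start()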
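Review bot: The mode set by `os.chmod(backdoor_path, 0o700)` is now the only access control on a socket that hands an interpreter with `service` in its locals to whoever connects, and it is applied only after `bind()` has already created the file with umask-derived permissions. Because `listen()` still follows the chmod, connections should not be accepted during that gap, but the ordering is load-bearing and undocumented; I would add `# Owner-only: a peer on this socket gets a Python shell over this service; keep chmod before listen().` above the chmod. To close the gap outright, tighten the umask around the bind with `old_umask = os.umask(0o077)` before `bind()` and `os.umask(old_umask)` right after it. POSIX does not require socket-file permissions to be enforced (Linux does, some older BSDs do not), so keeping the socket inside a 0700 directory is the portable guard. start_backdoor begins before this hunk and may continue past it, so whether `pwd` is still needed elsewhere in the file is not visible here.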
