Infoleak ifnames and be more permissive

Listing interfaces is already permitted by the OS, so we allow this info
leak too.
This commit is contained in:
Jason A. Donenfeld 2018-05-23 15:38:24 +02:00
parent 588b9f01ae
commit 0b647d1ca7
2 changed files with 6 additions and 2 deletions

View file

@ -150,7 +150,7 @@ func UAPIOpen(name string) (*os.File, error) {
// check if path exist // check if path exist
err := os.MkdirAll(socketDirectory, 0700) err := os.MkdirAll(socketDirectory, 0755)
if err != nil && !os.IsExist(err) { if err != nil && !os.IsExist(err) {
return nil, err return nil, err
} }
@ -167,6 +167,7 @@ func UAPIOpen(name string) (*os.File, error) {
return nil, err return nil, err
} }
oldUmask := unix.Umask(0077)
listener, err := func() (*net.UnixListener, error) { listener, err := func() (*net.UnixListener, error) {
// initial connection attempt // initial connection attempt
@ -191,6 +192,7 @@ func UAPIOpen(name string) (*os.File, error) {
} }
return net.ListenUnix("unix", addr) return net.ListenUnix("unix", addr)
}() }()
unix.Umask(oldUmask)
if err != nil { if err != nil {
return nil, err return nil, err

View file

@ -147,7 +147,7 @@ func UAPIOpen(name string) (*os.File, error) {
// check if path exist // check if path exist
err := os.MkdirAll(socketDirectory, 0700) err := os.MkdirAll(socketDirectory, 0755)
if err != nil && !os.IsExist(err) { if err != nil && !os.IsExist(err) {
return nil, err return nil, err
} }
@ -164,6 +164,7 @@ func UAPIOpen(name string) (*os.File, error) {
return nil, err return nil, err
} }
oldUmask := unix.Umask(0077)
listener, err := func() (*net.UnixListener, error) { listener, err := func() (*net.UnixListener, error) {
// initial connection attempt // initial connection attempt
@ -188,6 +189,7 @@ func UAPIOpen(name string) (*os.File, error) {
} }
return net.ListenUnix("unix", addr) return net.ListenUnix("unix", addr)
}() }()
unix.Umask(oldUmask)
if err != nil { if err != nil {
return nil, err return nil, err