From d1577b34dafbaeb019ca4c3c1e1b6304c9ca55c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
Date: Sun, 12 May 2019 22:27:43 +0200
Subject: [PATCH] relay: set mode 700 on the unix socket file (only the owner
 can use it)

---
 src/plugins/relay/relay-server.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/plugins/relay/relay-server.c b/src/plugins/relay/relay-server.c
index 9c2aa1caa..8044f7b35 100644
--- a/src/plugins/relay/relay-server.c
+++ b/src/plugins/relay/relay-server.c
@@ -26,6 +26,7 @@
 #include <time.h>
 #include <fcntl.h>
 #include <errno.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -646,6 +647,10 @@ relay_server_create_socket (struct t_relay_server *server)
         return 0;
     }
 
+    /* change permissions: only the owner can use the unix socket */
+    if (server->unix_socket)
+        chmod (server->path, 0700);
+
 #ifdef SOMAXCONN
     if (listen (server->sock, SOMAXCONN) != 0)
 #else