diff options
| author | Andrew Price <andy@adpx.net> | 2024-09-06 19:32:35 +0100 |
|---|---|---|
| committer | Andrew Price <andy@adpx.net> | 2024-09-06 19:40:31 +0100 |
| commit | 64077ff3de40d12eec83501cb06280a0e02027fc (patch) | |
| tree | fb118fd7942f6e2e9f9aa74054beedff412e5392 /drivers | |
| parent | f49c9d7cd1d33586fbd106057a894b3effc04331 (diff) | |
| download | redot-engine-64077ff3de40d12eec83501cb06280a0e02027fc.tar.gz | |
unix: Limit named pipe permissions to the current user
Named pipes created using the "pipe://" file access scheme should not be
world-writable or readable. Limit their access to the current user by
creating them with 0600 permissions instead of 0666.
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/unix/file_access_unix_pipe.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/unix/file_access_unix_pipe.cpp b/drivers/unix/file_access_unix_pipe.cpp index 34758e8c7d..bdf02f5379 100644 --- a/drivers/unix/file_access_unix_pipe.cpp +++ b/drivers/unix/file_access_unix_pipe.cpp @@ -65,7 +65,7 @@ Error FileAccessUnixPipe::open_internal(const String &p_path, int p_mode_flags) struct stat st = {}; int err = stat(path.utf8().get_data(), &st); if (err) { - if (mkfifo(path.utf8().get_data(), 0666) != 0) { + if (mkfifo(path.utf8().get_data(), 0600) != 0) { last_error = ERR_FILE_CANT_OPEN; return last_error; } |