From 64077ff3de40d12eec83501cb06280a0e02027fc Mon Sep 17 00:00:00 2001
From: Andrew Price <andy@adpx.net>
Date: Fri, 6 Sep 2024 19:32:35 +0100
Subject: unix: Limit named pipe permissions to the current user

Named pipes created using the "pipe://" file access scheme should not be
world-writable or readable. Limit their access to the current user by
creating them with 0600 permissions instead of 0666.
---
 drivers/unix/file_access_unix_pipe.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'drivers')

diff --git a/drivers/unix/file_access_unix_pipe.cpp b/drivers/unix/file_access_unix_pipe.cpp
index 34758e8c7d..bdf02f5379 100644
--- a/drivers/unix/file_access_unix_pipe.cpp
+++ b/drivers/unix/file_access_unix_pipe.cpp
@@ -65,7 +65,7 @@ Error FileAccessUnixPipe::open_internal(const String &p_path, int p_mode_flags)
 	struct stat st = {};
 	int err = stat(path.utf8().get_data(), &st);
 	if (err) {
-		if (mkfifo(path.utf8().get_data(), 0666) != 0) {
+		if (mkfifo(path.utf8().get_data(), 0600) != 0) {
 			last_error = ERR_FILE_CANT_OPEN;
 			return last_error;
 		}
-- 
cgit v1.2.3