aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/control/interfaces/stroke_interface.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/control/interfaces/stroke_interface.c')
-rwxr-xr-xsrc/charon/control/interfaces/stroke_interface.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/charon/control/interfaces/stroke_interface.c b/src/charon/control/interfaces/stroke_interface.c
index 74bfa1aec..3ab6b5700 100755
--- a/src/charon/control/interfaces/stroke_interface.c
+++ b/src/charon/control/interfaces/stroke_interface.c
@@ -1698,7 +1698,7 @@ interface_t *interface_create()
return NULL;
}
- old = umask(~S_IRWXU);
+ old = umask(~(S_IRWXU | S_IRWXG));
if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
{
DBG1(DBG_CFG, "could not bind stroke socket: %s", strerror(errno));
@@ -1707,6 +1707,11 @@ interface_t *interface_create()
return NULL;
}
umask(old);
+ if (chown(socket_addr.sun_path, IPSEC_UID, IPSEC_GID) != 0)
+ {
+ DBG1(DBG_CFG, "changing stroke socket permissions failed: %s",
+ strerror(errno));
+ }
if (listen(this->socket, 0) < 0)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-20 10:06:37 +0000