Use mode 01777 for unix domain socket directory and drop access

privilege to the unix domain socket from group and others. This should be no user-visible change.
svn path=/head/; revision=222533
2008-11-08 07:10:43 +00:00 · 2008-11-08 07:10:43 +00:00 · 634cfceb32 · 2021-03-31 03:12:20 +00:00
commit 634cfceb32
parent 9f4f88c513
3 changed files with 64 additions and 6 deletions
--- a/japanese/kinput2/Makefile
+++ b/japanese/kinput2/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	kinput2
 PORTVERSION=	3.1
-PORTREVISION=	8
+PORTREVISION=	9
 CATEGORIES=	japanese x11
 MASTER_SITES=	ftp://ftp.sra.co.jp/pub/x11/kinput2/
 DISTNAME=	${PORTNAME}-v${PORTVERSION}
--- a/japanese/kinput2/files/patch-lib-IMProto.c
+++ b/japanese/kinput2/files/patch-lib-IMProto.c
@ -1,5 +1,5 @@
 --- lib/IMProto.c.orig	2002-10-03 18:35:28.000000000 +0900
-+++ lib/IMProto.c	2008-11-03 01:07:46.000000000 +0900
+++ lib/IMProto.c	2008-11-08 16:03:58.000000000 +0900
@@ -259,7 +259,7 @@
 #ifdef IM_TCP_TRANSPORT
     if (ipw->imp.use_tcp_transport) {
@ -9,3 +9,26 @@
     }
     if (ipw->imp.tcp_sock >= 0) {
 	TRACE(("call XtAppAddInput for tcp socket(%d)\n", ipw->imp.tcp_sock));
+@@ -281,7 +281,7 @@
+ 	 * The unix domain socket pathname has the following form:
+ 	 *   <UNIX_SOCKET_DIR>/<Display Name>-<Language>
+ 	 */
+-	(void)mkdir(UNIX_SOCKET_DIR, 0777);
+	(void)mkdir(UNIX_SOCKET_DIR, 01777);
+ #ifdef S_IFLNK
+ 	{
+ 	    /*
+@@ -292,11 +292,11 @@
+ 	    struct stat st;
+ 	    if (lstat(UNIX_SOCKET_DIR, &st) == 0 &&
+ 		(st.st_mode & S_IFMT) == S_IFDIR) {
+-		(void)chmod(UNIX_SOCKET_DIR, 0777);
+		(void)chmod(UNIX_SOCKET_DIR, 01777);
+ 	    }
+ 	}
+ #else
+-	(void)chmod(UNIX_SOCKET_DIR, 0777);
+	(void)chmod(UNIX_SOCKET_DIR, 01777);
+ #endif
+ 	(void)sprintf(path, "%s/%s", UNIX_SOCKET_DIR,
+ 		      DisplayString(XtDisplay(new)));
--- a/japanese/kinput2/files/patch-lib-imlib-imxport.c
+++ b/japanese/kinput2/files/patch-lib-imlib-imxport.c
@ -1,6 +1,11 @@
 --- lib/imlib/imxport.c.orig	2002-10-03 18:35:31.000000000 +0900
-+++ lib/imlib/imxport.c	2008-11-02 01:23:56.000000000 +0900
-@@ -35,6 +35,7 @@
+++ lib/imlib/imxport.c	2008-11-08 16:02:24.000000000 +0900
+@@ -31,10 +31,12 @@
+ 
+ #ifdef IM_UNIX_TRANSPORT
+ #include <sys/un.h>
+#include <sys/stat.h>
+ #endif
 
 #ifdef IM_TCP_TRANSPORT
 #include <netinet/in.h> 
@ -8,7 +13,7 @@
 #endif
 
 extern int errno;
-@@ -412,8 +413,9 @@
+@@ -412,8 +414,9 @@
 
 #ifdef IM_TCP_TRANSPORT
 int
@ -19,7 +24,7 @@
 {
     struct sockaddr_in addr;
     int optval = 1;
-@@ -431,7 +433,22 @@
+@@ -431,7 +434,22 @@
 		     (char *)&optval, sizeof(optval));
 #endif /* SO_REUSEADDR */
 
@ -43,3 +48,33 @@
     addr.sin_family = AF_INET;
     addr.sin_port = htons(*portp);
 
+@@ -495,6 +513,7 @@
+ {
+     struct sockaddr_un addr;
+     int sock;
+    mode_t oldumask;
+ 
+     TRACE(("IMCreateUnixService(%s)\n", path));
+     if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
+@@ -510,15 +529,21 @@
+      * Remove socket which is created by the previous process.
+      */
+     (void)unlink(path);
+    oldumask = umask(S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH);
+ 
+     if (bind(sock, (struct sockaddr *)&addr, strlen(path) + 2) < 0) {
+ 	DPRINT(("bind() failed with %d\n", errno));
+	umask(oldumask);
+ 	return -1;
+     }
+
+    umask(oldumask);
+	
+     if (listen(sock, 4) < 0) {
+ 	DPRINT(("listen() failed with %d\n", errno));
+ 	return -1;
+     }
+
+     return sock;
+ }
+