arabianq/pipewire-soundpad
1
0
Fork 0
mirror of https://github.com/arabianq/pipewire-soundpad.git synced 2026-04-27 22:11:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔒 [security] Set restricted permissions on socket and runtime directory (#40)

Browse Source 
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This commit is contained in:
Tarasov Aleksandr
2026-03-21 21:03:48 +03:00
committed by GitHub
parent b8baeb6226
commit 6114b9a7f8
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/bin/daemon.rs
+3
View File
@@ -9,6 +9,7 @@ use pwsp::{
pipewire::create_virtual_mic, pipewire::create_virtual_mic,
}, },
}; };
use std::os::unix::fs::PermissionsExt;
use std::{error::Error, fs, time::Duration}; use std::{error::Error, fs, time::Duration};
use tokio::{ use tokio::{
io::{AsyncReadExt, AsyncWriteExt}, io::{AsyncReadExt, AsyncWriteExt},
@@ -54,6 +55,8 @@ async fn main() -> Result<(), Box<dyn Error>> {
} }
let listener = UnixListener::bind(&socket_path)?; let listener = UnixListener::bind(&socket_path)?;
fs::set_permissions(&socket_path, fs::Permissions::from_mode(0o600))?;
println!( println!(
"Daemon started. Listening on {}", "Daemon started. Listening on {}",
socket_path.to_str().unwrap_or_default() socket_path.to_str().unwrap_or_default()
src/utils/daemon.rs
+2
View File
@@ -6,6 +6,7 @@ use crate::{
}, },
utils::pipewire::{create_link, get_device}, utils::pipewire::{create_link, get_device},
}; };
use std::os::unix::fs::PermissionsExt;
use std::path::PathBuf; use std::path::PathBuf;
use std::{error::Error, fs}; use std::{error::Error, fs};
use tokio::{ use tokio::{
@@ -84,6 +85,7 @@ pub fn create_runtime_dir() -> Result<(), Box<dyn Error>> {
if !runtime_dir.exists() { if !runtime_dir.exists() {
fs::create_dir_all(&runtime_dir)?; fs::create_dir_all(&runtime_dir)?;
} }
fs::set_permissions(&runtime_dir, fs::Permissions::from_mode(0o700))?;
Ok(()) Ok(())
} }