Set file modes of pinentry socket for extra safety

* lisp/net/pinentry.el: Require 'cl-lib for `cl-letf'. (pinentry-start): Change the file modes of the socket file to 0700. This is just for extra safety since the parent directory is already protected with `server-ensure-safe-dir'.
2016-02-22 11:28:11 +09:00 · 2016-02-22 11:28:11 +09:00 · 29757844e5
commit 29757844e5
parent 2667b3ebae
1 changed files with 14 additions and 11 deletions
--- a/lisp/net/pinentry.el
+++ b/lisp/net/pinentry.el
@ -49,6 +49,8 @@

 ;;; Code:

+(eval-when-compile (require 'cl-lib))
+
 (defgroup pinentry nil
  "The Pinentry server"
  :version "25.1"
@ -172,17 +174,18 @@ will not be shown."
      (ignore-errors
        (let (delete-by-moving-to-trash)
          (delete-file server-file)))
-      (setq pinentry--server-process
-            (make-network-process
-             :name "pinentry"
-             :server t
-             :noquery t
-             :sentinel #'pinentry--process-sentinel
-             :filter #'pinentry--process-filter
-             :coding 'no-conversion
-             :family 'local
-             :service server-file))
-      (process-put pinentry--server-process :server-file server-file))))
+      (cl-letf (((default-file-modes) ?\700))
+        (setq pinentry--server-process
+              (make-network-process
+               :name "pinentry"
+               :server t
+               :noquery t
+               :sentinel #'pinentry--process-sentinel
+               :filter #'pinentry--process-filter
+               :coding 'no-conversion
+               :family 'local
+               :service server-file))
+        (process-put pinentry--server-process :server-file server-file)))))

 (defun pinentry-stop ()
  "Stop a Pinentry service."