Set file modes of pinentry socket for extra safety
* lisp/net/pinentry.el: Require 'cl-lib for `cl-letf'. (pinentry-start): Change the file modes of the socket file to 0700. This is just for extra safety since the parent directory is already protected with `server-ensure-safe-dir'.
This commit is contained in:
Daiki Ueno
parent
2667b3ebae
commit
29757844e5
1 changed files with 14 additions and 11 deletions
|
|
@ -49,6 +49,8 @@
|
||||||
|
|
||||||
;;; Code:
|
;;; Code:
|
||||||
|
|
||||||
|
(eval-when-compile (require 'cl-lib))
|
||||||
|
|
||||||
(defgroup pinentry nil
|
(defgroup pinentry nil
|
||||||
"The Pinentry server"
|
"The Pinentry server"
|
||||||
:version "25.1"
|
:version "25.1"
|
||||||
|
|
@ -172,17 +174,18 @@ will not be shown."
|
||||||
(ignore-errors
|
(ignore-errors
|
||||||
(let (delete-by-moving-to-trash)
|
(let (delete-by-moving-to-trash)
|
||||||
(delete-file server-file)))
|
(delete-file server-file)))
|
||||||
(setq pinentry--server-process
|
(cl-letf (((default-file-modes) ?\700))
|
||||||
(make-network-process
|
(setq pinentry--server-process
|
||||||
:name "pinentry"
|
(make-network-process
|
||||||
:server t
|
:name "pinentry"
|
||||||
:noquery t
|
:server t
|
||||||
:sentinel #'pinentry--process-sentinel
|
:noquery t
|
||||||
:filter #'pinentry--process-filter
|
:sentinel #'pinentry--process-sentinel
|
||||||
:coding 'no-conversion
|
:filter #'pinentry--process-filter
|
||||||
:family 'local
|
:coding 'no-conversion
|
||||||
:service server-file))
|
:family 'local
|
||||||
(process-put pinentry--server-process :server-file server-file))))
|
:service server-file))
|
||||||
|
(process-put pinentry--server-process :server-file server-file)))))
|
||||||
|
|
||||||
(defun pinentry-stop ()
|
(defun pinentry-stop ()
|
||||||
"Stop a Pinentry service."
|
"Stop a Pinentry service."
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue