branch: master
commit dcc9ba03252ee5d39e03bba31b420e0708c3ba0c
Author: Daiki Ueno <u...@gnu.org>
Commit: Nicolas Petton <nico...@petton.fr>
Set file modes of pinentry socket for extra safety
* pinentry.el: Require 'cl-lib for `cl-letf'.
(pinentry-start): Change the file modes of the socket file to 0700.
This is just for extra safety since the parent directory is already
protected with `server-ensure-safe-dir'.
---
packages/pinentry/pinentry.el | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/packages/pinentry/pinentry.el b/packages/pinentry/pinentry.el
index d7dca4a..50ea614 100644
--- a/packages/pinentry/pinentry.el
+++ b/packages/pinentry/pinentry.el
@@ -49,6 +49,8 @@
;;; Code:
+(eval-when-compile (require 'cl-lib))
+
(defgroup pinentry nil
"The Pinentry server"
:version "25.1"
@@ -172,17 +174,18 @@ will not be shown."
(ignore-errors
(let (delete-by-moving-to-trash)
(delete-file server-file)))
- (setq pinentry--server-process
- (make-network-process
- :name "pinentry"
- :server t
- :noquery t
- :sentinel #'pinentry--process-sentinel
- :filter #'pinentry--process-filter
- :coding 'no-conversion
- :family 'local
- :service server-file))
- (process-put pinentry--server-process :server-file server-file))))
+ (cl-letf (((default-file-modes) ?\700))
+ (setq pinentry--server-process
+ (make-network-process
+ :name "pinentry"
+ :server t
+ :noquery t
+ :sentinel #'pinentry--process-sentinel
+ :filter #'pinentry--process-filter
+ :coding 'no-conversion
+ :family 'local
+ :service server-file))
+ (process-put pinentry--server-process :server-file server-file)))))
(defun pinentry-stop ()
"Stop a Pinentry service."
