Default socket is world-writteable
WhyNotHugo opened this issue · 2 comments
WhyNotHugo commented
The default socket is created world-writable, which makes is accessible to all users (even nobody
):
> ls -l /var/run/usbmuxd
srw-rw-rw- 1 root root 0 Aug 14 10:02 /var/run/usbmuxd
WhyNotHugo commented
I see that main.c
does an explicit chmod(socket_addr, 0666);
.
I'd suggest changing this to 0660
and changing owner to user=usbmux, group=usb. Group can also be plugdev
, maybe?
This might break some people's setup, so it would need to be well documented as a breaking change.
WhyNotHugo commented
As an alternative approach, the socket could be moved into a subdirectory (e.g.: /run/usbmux/
), so a local administrator can manage the permission of this directory.
This would also make it easier to make usbmuxd accessible from sandboxes.