Default socket is world-writteable

Question

Default socket is world-writteable

WhyNotHugo opened this issue a year ago · 2 comments

The default socket is created world-writable, which makes is accessible to all users (even nobody):

> ls -l /var/run/usbmuxd 
srw-rw-rw-    1 root     root             0 Aug 14 10:02 /var/run/usbmuxd

Answer 1 · 2023-08-15T15:19:27.000Z

I see that main.c does an explicit chmod(socket_addr, 0666);.

I'd suggest changing this to 0660 and changing owner to user=usbmux, group=usb. Group can also be plugdev, maybe?

This might break some people's setup, so it would need to be well documented as a breaking change.

Answer 2 · 2023-08-15T15:28:04.000Z

As an alternative approach, the socket could be moved into a subdirectory (e.g.: /run/usbmux/), so a local administrator can manage the permission of this directory.

This would also make it easier to make usbmuxd accessible from sandboxes.