Restrict Unix socket permissions #1

New issue

Closed

opened 2026-02-02 10:00:56 +01:00 by qwc · 0 comments

qwc commented 2026-02-02 10:00:56 +01:00

Owner

Copy link

Phase 1: Security Hardening

Socket created by net.Listen("unix", ...) defaults to 0777 — any local user can send commands.

Tasks

• Set socket permissions to 0660 and restrict to a dedicated group
• Validate socket directory permissions on startup

Files

• events.go

## Phase 1: Security Hardening Socket created by `net.Listen("unix", ...)` defaults to 0777 — any local user can send commands. ### Tasks - Set socket permissions to 0660 and restrict to a dedicated group - Validate socket directory permissions on startup ### Files - `events.go`

qwc added the

Kind/Security

Priority

High

labels 2026-02-02 10:05:22 +01:00

qwc referenced this issue 2026-02-02 10:52:25 +01:00

Merge mmo/ui branch: Fyne system tray UI #26

qwc referenced this issue from a commit 2026-02-02 13:56:15 +01:00

Security: restrict event socket permissions and add safe type assertions

qwc referenced this issue from a pull request that will close it, 2026-02-02 13:56:25 +01:00

Security hardening: permissions, path validation, script execution #28

qwc closed this issue 2026-02-02 14:09:19 +01:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

enhance/slog-errorhandling-integration

ui

gh-pages

v0.3.0

v0.2.0

v0.1.1

v0.1.0

Labels

Clear labels   

Compat/Breaking

Breaking change that won't be backward compatible

  

Kind/Bug

Something is not working

  

Kind/Documentation

Documentation changes

  

Kind/Enhancement

Improve existing functionality

  

Kind/Feature

New functionality

  

Kind/Security

This is security issue

  

Kind/Testing

Issue or pull request related to testing

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority

Low

The priority is low

  

Priority

Medium

The priority is medium

  

Reviewed

Confirmed

Issue has been confirmed

  

Reviewed

Duplicate

This issue or pull request already exists

  

Reviewed

Invalid

Invalid issue

  

Reviewed

Won't Fix

This issue won't be fixed

  

Status

Abandoned

Somebody has started to work on this but abandoned work

  

Status

Blocked

Something is blocking this issue or pull request

  

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No labels

Compat/Breaking

Kind/Bug

Kind/Documentation

Kind/Enhancement

Kind/Feature

Kind/Security

Kind/Testing

Priority

Critical

Priority

High

Priority

Low

Priority

Medium

Reviewed

Confirmed

Reviewed

Duplicate

Reviewed

Invalid

Reviewed

Won't Fix

Status

Abandoned

Status

Blocked

Status

Need More Info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

qwc-open/backive#1

No description provided.