There's a chance some sensitive information (e.g. folder names)
can end up in errors.log, though $XDG_RUNTIME_DIR or
/tmp/lei-$UID/ will have 0700 permissions, anyways.
---
lib/PublicInbox/LEI.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/PublicInbox/LEI.pm b/lib/PublicInbox/LEI.pm
index 2df1f326..29293e6c 100644
--- a/lib/PublicInbox/LEI.pm
+++ b/lib/PublicInbox/LEI.pm
@@ -1225,6 +1225,7 @@ sub lazy_start {
$errors_log = "$sock_dir/errors.log";
my $addr = pack_sockaddr_un($path);
my $lk = bless { lock_path => $errors_log }, 'PublicInbox::Lock';
+ umask(077) // die("umask(077): $!");
$lk->lock_acquire;
socket($listener, AF_UNIX, SOCK_SEQPACKET, 0) or die "socket: $!";
if ($errno == ECONNREFUSED || $errno == ENOENT) {
@@ -1236,7 +1237,6 @@ sub lazy_start {
$! = $errno; # allow interpolation to stringify in die
die "connect($path): $!";
}
- umask(077) // die("umask(077): $!");
bind($listener, $addr) or die "bind($path): $!";
$lk->lock_release;
undef $lk;
--
unsubscribe: one-click, see List-Unsubscribe header
archive: https://public-inbox.org/meta/
