archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ssh/tailssh: chmod the auth socket to be only user accessible

Browse Source 
Updates #3802

Signed-off-by: Maisem Ali <maisem@tailscale.com>
pull/4492/head
Maisem Ali 2 years ago committed by Maisem Ali
parent 337c77964b
commit 31094d557b
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File

6
ssh/tailssh/tailssh.go
Unescape Escape View File

@ -773,10 +773,14 @@ func (ss *sshSession) handleSSHAgentForwarding(s ssh.Session, lu *user.User) err
}
socket := ln.Addr().String()
dir := filepath.Dir(socket)
// Make sure the socket is accessible by the user.
// Make sure the socket is accessible only by the user.
if err := os.Chmod(socket, 0600); err != nil {
return err
}
if err := os.Chown(socket, int(uid), int(gid)); err != nil {
return err
}
// Make sure the dir is also accessible.
if err := os.Chmod(dir, 0755); err != nil {
return err
}

Write Preview
Loading…
Cancel
Save