mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 00:24:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ui: restrict unix socket to the current user

Browse source 
By default, restrict reading from the unix socket to the user who
launched the GUI.
This commit is contained in:
Gustavo Iñiguez Goia 2023-11-08 00:48:44 +01:00
parent d08da08431
commit 2d96ec1fc7
Failed to generate hash of commit
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
ui/bin/opensnitch-ui
View file

@ -58,6 +58,14 @@ def on_exit():
pass
sys.exit(0)
def restrict_socket_perms(socket):
"""Restrict socket reading to the current user"""
try:
if socket.startswith("unix://") and os.path.exists(socket[7:]):
os.chmod(socket[7:], 0o640)
except Exception as e:
print("Unable to change unix socket permissions:", socket, e)
def supported_qt_version(major, medium, minor):
q = QtCore.QT_VERSION_STR.split(".")
return int(q[0]) >= major and int(q[1]) >= medium and int(q[2]) >= minor
@ -176,7 +184,7 @@ Examples:
parts = args.socket.split("@")
args.socket = "unix-abstract:{0}".format(parts[1])
print("Using server address:", args.socket)
print("Using server address:", args.socket, "auth type:", auth_type)
if auth_type == auth.Simple or auth_type == "":
server.add_insecure_port(args.socket)
@ -201,6 +209,9 @@ Examples:
# print "OpenSnitch UI service running on %s ..." % socket
server.start()
restrict_socket_perms(args.socket)
app.exec_()
except KeyboardInterrupt: