summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2017-08-03 00:37:43 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2017-08-03 00:37:43 -0400
commit19d2190a4f87cabdd59916ca859df45b416c9dbe (patch)
tree9ec56ee318e5f861aab05be464dc4e272660e557
parent3c8afd194c8d13fecefa1fa8862eaae630208325 (diff)
downloadlighttpd1.4-19d2190a4f87cabdd59916ca859df45b416c9dbe.tar.gz
lighttpd1.4-19d2190a4f87cabdd59916ca859df45b416c9dbe.zip
[core] set socket perms after bind, before listen
(it is still recommended to create sockets in protected directories) x-ref: "Feature request: add server config for setting permissions on Unix domain socket" https://redmine.lighttpd.net/issues/656
-rw-r--r--src/network.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/network.c b/src/network.c
index 1ee43bf0..382f570f 100644
--- a/src/network.c
+++ b/src/network.c
@@ -271,11 +271,6 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
goto error_free_socket;
}
- if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
- log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
- goto error_free_socket;
- }
-
if (srv_socket->addr.plain.sa_family == AF_UNIX && !buffer_string_is_empty(s->socket_perms)) {
mode_t m = 0;
for (char *str = s->socket_perms->ptr; *str; ++str) {
@@ -287,6 +282,11 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx) {
}
}
+ if (-1 == listen(srv_socket->fd, s->listen_backlog)) {
+ log_error_write(srv, __FILE__, __LINE__, "ss", "listen failed: ", strerror(errno));
+ goto error_free_socket;
+ }
+
if (s->ssl_enabled) {
#ifdef TCP_DEFER_ACCEPT
} else if (s->defer_accept) {