Use a control socket directory to restrict access
This provides reasonable security even on Solaris. The sysadmin is responsible for securing the control socket's ancestors from the grandparent on. We could add a cryptographic handshake later if desired.
This commit is contained in:
Scott Lamb
parent
b1f8c65a2c
commit
fe2f1fceb5
4 changed files with 82 additions and 27 deletions
|
|
@ -218,7 +218,7 @@ static void make_names(void)
|
|||
#endif
|
||||
|
||||
if(!controlsocketname)
|
||||
asprintf(&controlsocketname, LOCALSTATEDIR "/run/%s.control", identname);
|
||||
asprintf(&controlsocketname, "%s/run/%s.control/socket", LOCALSTATEDIR, identname);
|
||||
|
||||
if(!logfilename)
|
||||
asprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue