diff options
| author | Daiki Ueno <ueno@gnu.org> | 2016-02-22 11:28:11 +0900 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2016-02-22 11:49:19 +0900 |
| commit | 29757844e578706b23baaf361336629a8f10ed15 (patch) | |
| tree | b5abb305f8fe7919f569754b2e6d668dc870acc3 /lisp/net/pinentry.el | |
| parent | 2667b3ebaee4c7d136e8320d859c7385c7ff88e5 (diff) | |
| download | emacs-29757844e578706b23baaf361336629a8f10ed15.tar.gz | |
Set file modes of pinentry socket for extra safety
* lisp/net/pinentry.el: Require 'cl-lib for `cl-letf'.
(pinentry-start): Change the file modes of the socket file to 0700.
This is just for extra safety since the parent directory is already
protected with `server-ensure-safe-dir'.
Diffstat (limited to 'lisp/net/pinentry.el')
| -rw-r--r-- | lisp/net/pinentry.el | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/lisp/net/pinentry.el b/lisp/net/pinentry.el index 285f86481bc..082a9c8ff89 100644 --- a/lisp/net/pinentry.el +++ b/lisp/net/pinentry.el @@ -49,6 +49,8 @@ ;;; Code: +(eval-when-compile (require 'cl-lib)) + (defgroup pinentry nil "The Pinentry server" :version "25.1" @@ -172,17 +174,18 @@ will not be shown." (ignore-errors (let (delete-by-moving-to-trash) (delete-file server-file))) - (setq pinentry--server-process - (make-network-process - :name "pinentry" - :server t - :noquery t - :sentinel #'pinentry--process-sentinel - :filter #'pinentry--process-filter - :coding 'no-conversion - :family 'local - :service server-file)) - (process-put pinentry--server-process :server-file server-file)))) + (cl-letf (((default-file-modes) ?\700)) + (setq pinentry--server-process + (make-network-process + :name "pinentry" + :server t + :noquery t + :sentinel #'pinentry--process-sentinel + :filter #'pinentry--process-filter + :coding 'no-conversion + :family 'local + :service server-file)) + (process-put pinentry--server-process :server-file server-file))))) (defun pinentry-stop () "Stop a Pinentry service." |