From 3aaeafde8b624ee5e1b1099f217120eb3f11c5c9 Mon Sep 17 00:00:00 2001
From: vikingowl
Date: Thu, 26 Mar 2026 16:32:06 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20security=20=E2=80=94=20socket=20perms=20?= =?UTF-8?q?0600,=20signal=20handler=20logging,=20client=20read=20timeout?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 crates/owlry-core/src/main.rs | 9 +++++----
 crates/owlry-core/src/server.rs | 4 ++++
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/crates/owlry-core/src/main.rs b/crates/owlry-core/src/main.rs
index 121dcae..e18cc5b 100644
--- a/crates/owlry-core/src/main.rs
+++ b/crates/owlry-core/src/main.rs
@@ -1,4 +1,4 @@
-use log::info;
+use log::{info, warn};
 use owlry_core::paths;
 use owlry_core::server::Server;
@@ -25,11 +25,12 @@ fn main() {
 // Graceful shutdown on SIGTERM/SIGINT
 let sock_cleanup = sock.clone();
- ctrlc::set_handler(move || {
+ if let Err(e) = ctrlc::set_handler(move || {
 let _ = std::fs::remove_file(&sock_cleanup);
 std::process::exit(0);
- })
- .ok();
+ }) {
+ warn!("Failed to set signal handler: {}", e);
+ }
 if let Err(e) = server.run() {
 eprintln!("Server error: {e}");
diff --git a/crates/owlry-core/src/server.rs b/crates/owlry-core/src/server.rs
index ed9f69e..7a8b8e6 100644
--- a/crates/owlry-core/src/server.rs
+++ b/crates/owlry-core/src/server.rs
@@ -1,7 +1,9 @@
 use std::io::{self, BufRead, BufReader, Write};
+use std::os::unix::fs::PermissionsExt;
 use std::os::unix::net::{UnixListener, UnixStream};
 use std::path::{Path, PathBuf};
 use std::sync::{Arc, Mutex};
+use std::time::Duration;
 use std::thread;
 /// Maximum allowed size for a single IPC request line (1 MiB).
@@ -37,6 +39,7 @@ impl Server {
 }
 let listener = UnixListener::bind(socket_path)?;
+ std::fs::set_permissions(socket_path, std::fs::Permissions::from_mode(0o600))?;
 info!("IPC server listening on {:?}", socket_path);
 let config = Config::load_or_default();
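Review bot: In crates/owlry-core/src/main.rs, hunk `@@ -25,11 +25,12 @@`, the new `warn!` is the only indication that shutdown cleanup is disabled, and whether it is ever seen depends on the logger's level filter, which is configured outside this hunk; the neighbouring failure path reports through `eprintln!` instead. When registration fails the daemon keeps serving and the socket file stays on disk after SIGINT/SIGTERM, so the message should state that consequence and can use the inline-argument style of the context line: `warn!("Failed to set signal handler; socket file will not be removed on exit: {e}");`. The body of `main` continues outside the hunk.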
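Review bot: In crates/owlry-core/src/server.rs, hunk `@@ -37,6 +39,7 @@`, `UnixListener::bind` creates the socket node with umask-derived permissions and the mode is narrowed to 0600 only afterwards, so for a short window the socket is as open as the umask allows, and a connection made in that window remains queued and is accepted later. The chmod is a complete control only if the parent directory is already private to the user (for example a 0700 runtime directory), which cannot be confirmed from this hunk because the path comes from the caller; that should be verified and recorded next to the call, e.g. `// bind() honours umask; parent dir must be 0700, this chmod is defence in depth`. Separately, when `set_permissions` fails the `?` returns with the socket file still on disk in its original mode; removing the file before returning the error would fail closed. The enclosing function starts and ends outside the hunk.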
@@ -97,6 +100,7 @@ impl Server {
 frecency: Arc>,
 config: Arc,
 ) -> io::Result<()> {
+ stream.set_read_timeout(Some(Duration::from_secs(30)))?;
 let mut reader = BufReader::new(stream.try_clone()?);
 let mut writer = stream;
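Review bot: In hunk `@@ -97,6 +100,7 @@` only the read side gets a deadline; `writer` is the same socket and has no write timeout, so a peer that stops reading its responses can still hold the handler thread in a blocking write. Add `stream.set_write_timeout(Some(Duration::from_secs(30)))?;` next to the new line. `set_read_timeout` bounds each individual read rather than the whole request, so a client that trickles bytes stays connected until the request-size limit declared at the top of the file is reached, assuming that limit is enforced in this loop; a per-request deadline or a cap on concurrent handler threads would be needed to bound that. The literal 30 would be easier to audit as a named constant beside that limit, e.g. `const CLIENT_IO_TIMEOUT: Duration = Duration::from_secs(30);`. The function body continues outside the hunk.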