From bf931709db60b5d7980684557baec14ef842450c Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Tue, 7 Feb 2023 10:10:05 +0100
Subject: [PATCH] Drop permissions on Unix admin socket

---
 cmd/soju/main.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/soju/main.go b/cmd/soju/main.go
index 0e93c86..ec036d0 100644
--- a/cmd/soju/main.go
+++ b/cmd/soju/main.go
@@ -220,6 +220,10 @@ func main() {
 				log.Fatalf("failed to start listener on %q: %v", listen, err)
 			}
 			ln = proxyProtoListener(ln, srv)
+			// TODO: this is racy
+			if err := os.Chmod(path, 0600); err != nil {
+				log.Fatalf("failed to chmod Unix admin socket: %v", err)
+			}
 			go func() {
 				if err := srv.Serve(ln, srv.HandleAdmin); err != nil {
 					log.Printf("serving %q: %v", listen, err)