Adjust unix domain IPC permissions.

BUG=chromium-os:7473
TEST=none

Review URL: http://codereview.chromium.org/6280009

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@72007 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 10 insertions, 2 deletions

diff --git a/ipc/ipc_channel_posix.cc b/ipc/ipc_channel_posix.cc
index 5ff25aa..34fbca9 100644
--- a/ipc/ipc_channel_posix.cc
+++ b/ipc/ipc_channel_posix.cc
@@ -167,14 +167,14 @@ bool CreateServerUnixDomainSocket(const std::string& pipe_name,
   // Delete any old FS instances.
   unlink(pipe_name.c_str());
 
-    // Make sure the path we need exists.
+  // Make sure the path we need exists.
   FilePath path(pipe_name);
   FilePath dir_path = path.DirName();
   if (!file_util::CreateDirectory(dir_path)) {
     return false;
   }
 
-  // Create unix_addr structure
+  // Create unix_addr structure.
   struct sockaddr_un unix_addr;
   memset(&unix_addr, 0, sizeof(unix_addr));
   unix_addr.sun_family = AF_UNIX;
@@ -193,6 +193,14 @@ bool CreateServerUnixDomainSocket(const std::string& pipe_name,
     return false;
   }
 
+  // Adjust the socket permissions.
+  if (chmod(pipe_name.c_str(), 0600)) {
+    PLOG(ERROR) << "fchmod " << pipe_name;
+    if (HANDLE_EINTR(close(fd)) < 0)
+      PLOG(ERROR) << "close " << pipe_name;
+    return false;
+  }
+
   // Start listening on the socket.
   const int listen_queue_length = 1;
   if (listen(fd, listen_queue_length) != 0) {