Skip to content

fix: set IPC socket permissions to 0600 for security #133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jdx merged 3 commits into from
Jan 19, 2026
Merged

fix: set IPC socket permissions to 0600 for security #133

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
60c5e63
fix: set IPC socket permissions to 0600 for security
jdx Jan 19, 2026
b09b707
fix: use umask to prevent TOCTOU race when creating IPC socket
jdx Jan 19, 2026
91ac10f
fix: ensure umask is restored even if socket creation fails
jdx Jan 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ fuzzy-matcher = "0.3.7"

[target.'cfg(unix)'.dependencies]
exec = "0.3"
libc = "0.2"

[dev-dependencies]
tempfile = "3"
13 changes: 13 additions & 0 deletions src/ipc/server.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,20 @@ impl IpcServer {
let opts = ListenerOptions::new().name(fs_name("main")?);
debug!("Listening on {}", env::IPC_SOCK_MAIN.display());
let (tx, rx) = tokio::sync::mpsc::channel(1);

// Set restrictive umask before creating socket to avoid TOCTOU race condition.
// This ensures the socket is created with 0600 permissions from the start.
#[cfg(unix)]
let old_umask = unsafe { libc::umask(0o077) };

let listener = opts.create_tokio().into_diagnostic()?;

// Restore original umask
#[cfg(unix)]
unsafe {
libc::umask(old_umask);
}
Comment thread
cursor[bot] marked this conversation as resolved.
Comment thread
cursor[bot] marked this conversation as resolved.

@cursor cursor Bot Jan 19, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Process-wide umask affects concurrent file operations

Medium Severity

The umask system call affects the entire process, not just the current thread. In the tokio multi-threaded runtime, other async tasks (web server, interval_watch, cron_watch, signals) are already running when IpcServer::new() is called. Any file or directory creation by these concurrent tasks during the umask manipulation window will unexpectedly receive restrictive 0600/0700 permissions instead of normal permissions, potentially causing functionality issues.

Fix in Cursor Fix in Web


tokio::spawn(async move {
loop {
if let Err(err) = Self::listen(&listener, tx.clone()).await {
Expand Down