From ddc0c935a124805709387ba3c30065344c956d41 Mon Sep 17 00:00:00 2001
From: Runxi Yu <me@runxiyu.org>
Date: Thu, 03 Apr 2025 11:35:18 +0800
Subject: [PATCH] gti2d: Set umask to 0077 to secure the UNIX domain socket

---
 git2d/main.c | 3 +++

diff --git a/git2d/main.c b/git2d/main.c
index 3f253c757f36ab03dfae16ea32e25df8f4fdf06a..345f66d743ddc19c08f1fc2e0a93d4c9b482e595 100644
--- a/git2d/main.c
+++ b/git2d/main.c
@@ -8,6 +8,7 @@ #include <errno.h>
 #include <git2.h>
 #include <pthread.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/un.h>
 #include <stdio.h>
@@ -134,6 +135,8 @@ 	struct sockaddr_un addr;
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
 	strcpy(addr.sun_path, argv[1]);
+
+	umask(0077);
 
 	if (bind(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_un))) {
 		if (errno == EADDRINUSE) {

-- 
2.48.1