diff options
| author | Tomasz Kramkowski <tomasz@kramkow.ski> | 2025-08-16 19:02:55 +0100 |
|---|---|---|
| committer | Tomasz Kramkowski <tomasz@kramkow.ski> | 2025-08-16 19:02:55 +0100 |
| commit | ee5416dad791a72e86b499cb6ef13ef9d7a9a381 (patch) | |
| tree | dfb029a474a32385b6fd3ea1ba21a3d53a99f105 | |
| parent | b3c0e67100e3c1c03ebb8f08481e35790c163585 (diff) | |
| download | kutter-ee5416dad791a72e86b499cb6ef13ef9d7a9a381.tar.gz kutter-ee5416dad791a72e86b499cb6ef13ef9d7a9a381.tar.xz kutter-ee5416dad791a72e86b499cb6ef13ef9d7a9a381.zip | |
Create API socket with more sensible permissions
| -rw-r--r-- | CHANGELOG.md | 3 | ||||
| -rw-r--r-- | klippy/webhooks.py | 5 |
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f91b9a9..96c76b75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,9 @@ Most changes are breaking. * The printer TTY is moved from `/tmp/printer` to the more appropriate `/run/kutter/printer` (although this feature might be removed entirely in the future) +* The API server socket is now configured with `660` permissions instead of + `777 & umask`. This is temporary and will hopefully be configurable in the + future. ### Removed diff --git a/klippy/webhooks.py b/klippy/webhooks.py index 5902c4ef..661e9117 100644 --- a/klippy/webhooks.py +++ b/klippy/webhooks.py @@ -8,6 +8,7 @@ import errno import logging import os import socket +import stat import sys import gcode @@ -126,6 +127,10 @@ class ServerSocket: self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) self.sock.setblocking(0) self.sock.bind(server_address) + # TODO: This is a good compromise for now, but it should be configurable + os.chmod( + server_address, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP + ) self.sock.listen(1) self.fd_handle = self.reactor.register_fd( self.sock.fileno(), self._handle_accept |