davide/purple-electrumwallet
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #10547 from SomberNight/202603_umask

Browse Source 
set restrictive unix umask application-wide by default
This commit is contained in:
ghost43
2026-03-27 18:27:51 +00:00
committed by GitHub
parent 85ea6af5b1 7755d97a76
commit efcf1f056f
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
electrum/daemon.py
+8 -1
View File
@@ -34,6 +34,7 @@ from typing import Dict, Optional, Tuple, Callable, Union, Sequence, Mapping, TY
from base64 import b64decode, b64encode
import json
import socket
import stat
import aiohttp
from aiohttp import web, client_exceptions
@@ -43,7 +44,7 @@ from . import util
from .network import Network
from .util import (
json_decode, to_bytes, to_string, profiler, standardize_path, constant_time_compare, InvalidPassword,
log_exceptions, randrange, OldTaskGroup, UserFacingException, JsonRPCError
log_exceptions, randrange, OldTaskGroup, UserFacingException, JsonRPCError, os_chmod
)
from .wallet import Wallet, Abstract_Wallet
from .storage import WalletStorage
@@ -327,6 +328,12 @@ class CommandsServer(AuthenticatedServer):
await site.start()
except Exception as e:
raise Exception(f"failed to start CommandsServer at {self._socket_config_str()}. got exc: {e!r}") from None
# now server has started.
if self.socktype == 'unix':
# set restrictive permissions on unix domain socket.
# FIXME race? we are late. should set this during socket-file creation but aiohttp API does not let us.
os_chmod(self.sockpath, stat.S_IREAD | stat.S_IWRITE)
# write server conn details into lockfile fd
if self.socktype == 'unix':
addr = self.sockpath
elif self.socktype == 'tcp':
run_electrum
+9
View File
@@ -107,6 +107,15 @@ if is_android:
ctypes.pythonapi = ctypes.PyDLL("libpython%d.%d.so" % sys.version_info[:2]) # replaces ctypes.PyDLL(None)
# Set default application-wide file umask to more restrictive than typical.
# We want to create all files and directories (esp. inside the datadir) with locked-down permissions.
# note: this helps even on Windows! (see https://docs.python.org/3/library/os.html#os.mkdir)
# > `os.mkdir(path, mode=0o777, *, dir_fd=None)`
# > On Windows, a mode of 0o700 is specifically handled to apply access control to the new
# > directory such that only the current user and administrators have access.
os.umask(0o0077)
sys._ELECTRUM_RUNNING_VIA_RUNELECTRUM = True # used by logging.py
from electrum.logging import get_logger, configure_logging # import logging submodule first