remove WEZTERM_SKIP_MUX_SOCK_PERMISSIONS_CHECK env var in favor of config value
parent
2e63989c6e
commit
33f17eaf3f
@ -373,6 +373,14 @@ pub struct UnixDomain {
|
||||
/// If true, connect to this domain automatically at startup
|
||||
#[serde(default)]
|
||||
pub connect_automatically: bool,
|
||||
|
||||
/// If true, bypass checking for secure ownership of the
|
||||
/// socket_path. This is not recommended on a multi-user
|
||||
/// system, but is useful for example when running the
|
||||
/// server inside a WSL container but with the socket
|
||||
/// on the host NTFS volume.
|
||||
#[serde(default)]
|
||||
pub skip_permissions_check: bool,
|
||||
}
|
||||
|
||||
impl UnixDomain {
|
||||
@ -384,10 +392,7 @@ impl UnixDomain {
|
||||
}
|
||||
|
||||
fn default_unix_domains() -> Vec<Self> {
|
||||
vec![UnixDomain {
|
||||
socket_path: None,
|
||||
connect_automatically: false,
|
||||
}]
|
||||
vec![UnixDomain::default()]
|
||||
}
|
||||
}
|
||||
|
||||
|
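Review bot: The doc comment on `skip_permissions_check` says what is bypassed but not what protection is lost. The check it disables, in safely_create_sock_path, rejects a socket directory that group or other users can write to. I would add a line such as `/// With this set, any local user who can write to the socket directory can manipulate the mux socket.` so the trade-off is visible where the option is defined. Separately, `default_unix_domains` now calls `UnixDomain::default()`, which needs a `Default` impl on the struct; the derive line is outside this hunk, so confirm it is present and leaves the new field `false`.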
@ -1,4 +1,4 @@
|
||||
use crate::config::{Config, TlsDomainServer};
|
||||
use crate::config::{Config, TlsDomainServer, UnixDomain};
|
||||
use crate::mux::tab::{Tab, TabId};
|
||||
use crate::mux::{Mux, MuxNotification, MuxSubscriber};
|
||||
use crate::ratelim::RateLimiter;
|
||||
@ -851,7 +851,8 @@ impl Drop for UmaskSaver {
|
||||
/// we need to be sure that the directory that we create it in
|
||||
/// is owned by the user and has appropriate file permissions
|
||||
/// that prevent other users from manipulating its contents.
|
||||
fn safely_create_sock_path(sock_path: &Path) -> Result<UnixListener, Error> {
|
||||
fn safely_create_sock_path(unix_dom: &UnixDomain) -> Result<UnixListener, Error> {
|
||||
let sock_path = &unix_dom.socket_path();
|
||||
debug!("setting up {}", sock_path.display());
|
||||
|
||||
let _saver = UmaskSaver::new();
|
||||
@ -872,14 +873,14 @@ fn safely_create_sock_path(sock_path: &Path) -> Result<UnixListener, Error> {
|
||||
|
||||
#[cfg(unix)]
|
||||
{
|
||||
if std::env::var_os("WEZTERM_SKIP_MUX_SOCK_PERMISSIONS_CHECK").is_none() {
|
||||
if !unix_dom.skip_permissions_check {
|
||||
// Let's be sure that the ownership looks sane
|
||||
let meta = sock_dir.symlink_metadata()?;
|
||||
|
||||
let permissions = meta.permissions();
|
||||
if (permissions.mode() & 0o22) != 0 {
|
||||
bail!(
|
||||
"The permissions for {} are insecure and currently
|
||||
"The permissions for {} are insecure and currently \
|
||||
allow other users to write to it (permissions={:?})",
|
||||
sock_dir.display(),
|
||||
permissions
|
||||
@ -942,7 +943,7 @@ fn spawn_tls_listener(
|
||||
pub fn spawn_listener(config: &Arc<Config>, executor: Box<dyn Executor>) -> Fallible<()> {
|
||||
for unix_dom in &config.unix_domains {
|
||||
let mut listener = LocalListener::new(
|
||||
safely_create_sock_path(&unix_dom.socket_path())?,
|
||||
safely_create_sock_path(unix_dom)?,
|
||||
executor.clone_executor(),
|
||||
);
|
||||
thread::spawn(move || {
|
||||
|
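Review bot: Dropping the WEZTERM_SKIP_MUX_SOCK_PERMISSIONS_CHECK lookup in safely_create_sock_path is a silent behaviour change: anyone still exporting that variable now reaches the `bail!` with no hint that the opt-out moved to the config. The message could name the replacement, for example by ending with `; set skip_permissions_check on this unix domain only if the directory cannot hold unix permissions`. The skipped path is also silent, so an `else { warn!("skipping permissions check for {}", sock_dir.display()); }` on `if !unix_dom.skip_permissions_check` would leave a trace in the logs whenever the protection is off. The file already uses `debug!`, so a log macro is probably in scope, but confirm that `warn!` is imported. The function body starts and ends outside these hunks.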