Changed the permission of config file to allow access to only owner. This fixes CVE-2025-24337

2025-02-17 13:58:41 +05:30 · 2025-02-17 13:58:41 +05:30 · 76581b6ed9
commit 76581b6ed9
parent a7fa19f2e4
1 changed files with 1 additions and 1 deletions
--- a/app.go
+++ b/app.go
@ -554,7 +554,7 @@ requests. We recommend supplying a valid host name.`)
 		}

 		if network == "unix" {
-			err = os.Chmod(bindAddress, 0o666)
+			err = os.Chmod(bindAddress, 0o600)
 			if err != nil {
 				log.Error("Could not update socket permissions: %v", err)
 				os.Exit(1)