- /*
- * Restrict connections to our control socket by ensuring the parent
- * directory can be traversed only by root. Note this is not totally
- * race-free unless all ancestors are writable only by trusted users,
- * which we don't verify.
- */
-
- struct stat statbuf;
- lastslash = strrchr(controlsocketname, '/');
- if(lastslash != NULL) {
- *lastslash = 0; /* temporarily change controlsocketname to be dir */
- if(mkdir(controlsocketname, 0700) < 0 && errno != EEXIST) {
- logger(LOG_ERR, "Unable to create control socket directory %s: %s", controlsocketname, strerror(errno));
- *lastslash = '/';
- goto bail;
- }
-
- result = stat(controlsocketname, &statbuf);
- *lastslash = '/';
- } else
- result = stat(".", &statbuf);
-
- if(result < 0) {
- logger(LOG_ERR, "Examining control socket directory failed: %s", strerror(errno));
- goto bail;
- }
-
- if(statbuf.st_uid != 0 || (statbuf.st_mode & S_IXOTH) != 0 || (statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP)) != 0) {
- logger(LOG_ERR, "Control socket directory ownership/permissions insecure.");
- goto bail;
- }
-#endif
-
- result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr);
-
- if(result < 0 && sockinuse(sockerrno)) {
- result = connect(control_socket, (struct sockaddr *)&addr, sizeof addr);
-#ifndef HAVE_MINGW
- if(result < 0) {
- logger(LOG_WARNING, "Removing old control socket.");
- unlink(controlsocketname);
- result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr);
- } else