commit c8cf682107ebbe81da9db3dbd267c51ff151b049
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Fri Jan 06 09:33:00 2023 UTC

expose 'gotctl info' output only to the root user

Now that anyone can connect to the socket, it is probably safer to
expose information about currently connected clients only to root.

commit - bea82c4f04244e6cbe016b150601e00a7f26bfe8
commit + c8cf682107ebbe81da9db3dbd267c51ff151b049
blob - d41a6e1a949b1556352b5d6b79871935dd15e95a
blob + 07c32a0a3163a6d2e93ca633c2b16134f6043ad9
--- gotctl/gotctl.8
+++ gotctl/gotctl.8
@@ -58,6 +58,7 @@ are as follows:
 Display information about a running
 .Xr gotd 8
 instance.
+This operation requires root privileges.
 .It Cm stop
 Stop a running
 .Xr gotd 8
blob - fb2ac445012f43434ddd2dce19216c1e024287cf
blob + fbc0a43b6e9215f801753d222c5d0fa31d57fbbd
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -527,6 +527,9 @@ send_info(struct gotd_client *client)
 	uint64_t slot;
 	struct gotd_repo *repo;
 
+	if (client->euid != 0)
+		return got_error_set_errno(EPERM, "info");
+
 	info.pid = gotd.pid;
 	info.verbosity = gotd.verbosity;
 	info.nrepos = gotd.nrepos;