From 093936f7ab8155a5c3c13908ad4e002c1d7d1fdb Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 20 Feb 2024 02:39:39 +0100 Subject: [PATCH] Check for dumb file permissions on startup There's nothing special about "-service install". On any system, executables shouldn't be modifiable by other system users, no matter what the executable is and how it's run. --- dnscrypt-proxy/main.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dnscrypt-proxy/main.go b/dnscrypt-proxy/main.go index 3be67581..75ffe0a9 100644 --- a/dnscrypt-proxy/main.go +++ b/dnscrypt-proxy/main.go @@ -66,6 +66,10 @@ func main() { os.Exit(0) } + if fullexecpath, err := os.Executable(); err == nil { + WarnIfMaybeWritableByOtherUsers(fullexecpath) + } + app := &App{ flags: &flags, } @@ -93,9 +97,6 @@ func main() { dlog.Fatal(err) } if *svcFlag == "install" { - if fullexecpath, err := os.Executable(); err == nil { - WarnIfMaybeWritableByOtherUsers(fullexecpath) - } dlog.Notice("Installed as a service. Use `-service start` to start") } else if *svcFlag == "uninstall" { dlog.Notice("Service uninstalled")