Skip to content

Commit

Permalink
Create secure FCGI socket file name
Browse files Browse the repository at this point in the history
  • Loading branch information
@pka
pka committed Nov 1, 2023
1 parent f18c79f commit 1e3ce66
Show file tree
Hide file tree
Showing 6 changed files with 23 additions and 14 deletions.
19 changes: 10 additions & 9 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ rust-embed = { version = "6.8.1", features = ["compression"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0.57"
sqlx = { version = "0.7.0", default-features = false, features = [ "runtime-tokio-rustls", "sqlite", "postgres" ] }
tempfile = "3.8.1"
thiserror = "1.0.31"
tokio = { version = "1.19.2" }

Expand Down
2 changes: 1 addition & 1 deletion bbox-asset-server/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ minijinja = { workspace = true }
once_cell = { workspace = true }
rust-embed = { workspace = true }
serde = { workspace = true }
tempfile = "3.2.0"
tempfile = { workspace = true }
zip = { version = "0.5.13", default-features = false, features = ["deflate"] }

[[bin]]
Expand Down
1 change: 1 addition & 0 deletions bbox-map-server/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ rand = "0.7.3"
serde = { workspace = true }
serde-xml-rs = "0.4.0"
serde_json = { workspace = true }
tempfile = { workspace = true }
thiserror = { workspace = true }
tokio = { version = "1", features = ["time"] }

Expand Down
12 changes: 9 additions & 3 deletions bbox-map-server/src/fcgi_process.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,9 +147,15 @@ impl FcgiProcessPool {
}
}
/// Constant socket path over application lifetime
fn socket_path(name: &str, process_no: usize) -> String {
// TODO: Use tempfile::tempdir
format!("/tmp/fcgi_{}_{}", name, process_no)
fn socket_path(name: &str, _process_no: usize) -> String {
// We use the system temp path, but according to FHS /run would be correct
let file = tempfile::Builder::new()
.prefix(&format!("fcgi_{name}_"))
.rand_bytes(8)
.suffix(".sock")
.tempfile()
.expect("Socket file creation");
file.into_temp_path().to_string_lossy().to_string()
}
pub async fn spawn_processes(&mut self) -> std::io::Result<()> {
let envs: Vec<_> = self
Expand Down
2 changes: 1 addition & 1 deletion bbox-tile-server/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ rusoto_s3 = { version = "0.48.0", default-features = false, features = ["rustls"
serde = { workspace = true }
serde_json = { workspace = true }
sqlx = { workspace = true }
tempfile = "3.3.0"
tempfile = { workspace = true }
thiserror = { workspace = true }
#tile-grid = "0.5.2"
tile-grid = { git = "https://github.com/pka/tile-grid" }
Expand Down

0 comments on commit 1e3ce66

Please sign in to comment.