From 7f7436cf627f394c8c43b42d16b6de918b4ddad8 Mon Sep 17 00:00:00 2001
From: luk3yx <luk3yx@users.noreply.github.com>
Date: Mon, 8 Feb 2021 18:28:38 +1300
Subject: [PATCH] Check directory permissions before making socket
 world-writable

---
 lurkcoin/api/config.go | 9 ++++++++-
 lurkcoin/misc.go       | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/lurkcoin/api/config.go b/lurkcoin/api/config.go
index 0ed2c83..62797e8 100644
--- a/lurkcoin/api/config.go
+++ b/lurkcoin/api/config.go
@@ -28,6 +28,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strings"
 )
 
@@ -151,8 +152,14 @@ func StartServer(config *Config) {
 	}
 
 	// Remove any socket file that already exists
+	var changeSocketPermissions bool
 	if networkProtocol == "unix" {
 		os.Remove(address)
+
+		// Only call chmod if no other users can write to the directory
+		if stat, err := os.Stat(filepath.Dir(address)); err == nil {
+			changeSocketPermissions = stat.Mode() & 022 == 0
+		}
 	}
 
 	// Bind to the address
@@ -163,7 +170,7 @@ func StartServer(config *Config) {
 	}
 
 	// Change permissions on the UNIX socket
-	if networkProtocol == "unix" {
+	if changeSocketPermissions {
 		if err := os.Chmod(address, 0777); err != nil {
 			log.Fatal(err)
 		}
diff --git a/lurkcoin/misc.go b/lurkcoin/misc.go
index 2ceb064..2df3191 100644
--- a/lurkcoin/misc.go
+++ b/lurkcoin/misc.go
@@ -35,7 +35,7 @@ import (
 )
 
 const SYMBOL = "¤"
-const VERSION = "3.0.8"
+const VERSION = "3.0.9"
 
 // Note that public source code is required by the AGPL
 const SOURCE_URL = "https://github.com/luk3yx/lurkcoin-core"