Merge branch 'rpc-file-permission-lockdown'

3 files changed, 17 insertions, 4 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 7dff8bc43a..563a7f25c1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -640,7 +640,6 @@ dependencies = [
  "log 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)",
  "mullvad-types 0.1.0",
  "serde 1.0.9 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde_json 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "talpid-ipc 0.1.0",
  "talpid-types 0.1.0",
 ]
diff --git a/mullvad-daemon/src/rpc_info.rs b/mullvad-daemon/src/rpc_info.rs
index 64dad4258b..13d354d9bb 100644
--- a/mullvad-daemon/src/rpc_info.rs
+++ b/mullvad-daemon/src/rpc_info.rs
@@ -47,9 +47,23 @@ pub fn remove() -> Result<()> {
 }
 
 fn open_file(path: &Path) -> io::Result<File> {
-    OpenOptions::new()
+    let file = OpenOptions::new()
         .write(true)
         .truncate(true)
         .create(true)
-        .open(path)
+        .open(path)?;
+    set_rpc_file_permissions(&file)?;
+    Ok(file)
+}
+
+#[cfg(unix)]
+fn set_rpc_file_permissions(file: &File) -> io::Result<()> {
+    use std::os::unix::fs::PermissionsExt;
+    file.set_permissions(PermissionsExt::from_mode(0o644))
+}
+
+#[cfg(windows)]
+fn set_rpc_file_permissions(_file: &File) -> io::Result<()> {
+    // TODO(linus): Lock permissions correctly on Windows.
+    Ok(())
 }
diff --git a/talpid-core/src/tunnel/mod.rs b/talpid-core/src/tunnel/mod.rs
index 4ee7b24cee..b9e8aa8fa2 100644
--- a/talpid-core/src/tunnel/mod.rs
+++ b/talpid-core/src/tunnel/mod.rs
@@ -238,7 +238,7 @@ impl TunnelMonitor {
     }
 
     #[cfg(windows)]
-    fn set_user_pass_file_permissions(file: &fs::File) -> io::Result<()> {
+    fn set_user_pass_file_permissions(_file: &fs::File) -> io::Result<()> {
         // TODO(linus): Lock permissions correctly on Windows.
         Ok(())
     }