Describe the bug
In daemon/daemon.go line 100, os.Chmod() is called to set socket permissions but the error return is completely ignored. If chmod fails, the socket could remain with default permissions (potentially world-readable) instead of owner-only (0700), creating security risk.
To reproduce
- Examine daemon/daemon.go lines 95-100:
if err != nil {
return fmt.Errorf("listen: %w", err)
}
defer d.listener.Close()
// Set socket permissions (owner only).
os.Chmod(sockPath, 0700) // Error completely ignored
- Observe error is not checked or handled
Expected behavior
Error from os.Chmod() should be checked and handled. If setting permissions fails, daemon should either:
- Return error and abort startup (safer)
- Log warning about permission failure
Additional context
- Security-sensitive: daemon socket permissions protect local RPC communication
- Good first issue: simple error check addition
- In contrast, main.go lines 3201, 3233, 3242 DO check chmod errors correctly
- Similar unchecked os.Remove() exists at line 89
Suggested fix:
// Set socket permissions (owner only).
if err := os.Chmod(sockPath, 0700); err != nil {
return fmt.Errorf("failed to set socket permissions: %w", err)
}OS
Linux (affects Unix-like systems with file permissions)
Describe the bug
In daemon/daemon.go line 100, os.Chmod() is called to set socket permissions but the error return is completely ignored. If chmod fails, the socket could remain with default permissions (potentially world-readable) instead of owner-only (0700), creating security risk.
To reproduce
Expected behavior
Error from os.Chmod() should be checked and handled. If setting permissions fails, daemon should either:
Additional context
Suggested fix:
OS
Linux (affects Unix-like systems with file permissions)