openethereum · ordian · Dec 6, 2019 · Nov 20, 2019 · Nov 29, 2019 · Nov 29, 2019
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/parity/cli/mod.rs b/parity/cli/mod.rs
@@ -564,6 +564,10 @@ usage! {
 			"--ipc-path=[PATH]",
 			"Specify custom path for JSON-RPC over IPC service.",
 
+			ARG arg_ipc_chmod: (String) = "660", or |c: &Config| c.ipc.as_ref()?.chmod.clone(),
+			"--ipc-chmod=[NUM]",
+			"Specify octal value for ipc socket permissions (unix/bsd only)",
+
 			ARG arg_ipc_apis: (String) = "web3,eth,pubsub,net,parity,parity_pubsub,parity_accounts,private,traces,rpc,parity_transactions_pool", or |c: &Config| c.ipc.as_ref()?.apis.as_ref().map(|vec| vec.join(",")),
 			"--ipc-apis=[APIS]",
 			"Specify custom API set available via JSON-RPC over IPC using a comma-delimited list of API names. Possible names are: all, safe, web3, net, eth, pubsub, personal, signer, parity, parity_pubsub, parity_accounts, parity_set, traces, rpc, secretstore. You can also disable a specific API by putting '-' in the front, example: all,-personal. 'safe' enables the following APIs: web3, net, eth, pubsub, parity, parity_pubsub, traces, rpc",
@@ -1284,6 +1288,7 @@ struct Ws {
 #[derive(Default, Debug, PartialEq, Deserialize)]
 #[serde(deny_unknown_fields)]
 struct Ipc {
+	chmod: Option<String>,
 	disable: Option<bool>,
 	path: Option<String>,
 	apis: Option<Vec<String>>,
@@ -1834,7 +1839,7 @@ mod tests {
 			flag_no_ipc: false,
 			arg_ipc_path: "$HOME/.parity/jsonrpc.ipc".into(),
 			arg_ipc_apis: "web3,eth,net,parity,parity_accounts,personal,traces,rpc,secretstore".into(),
-
+			arg_ipc_chmod: "660".into(),
 			// DAPPS
 			arg_dapps_path: Some("$HOME/.parity/dapps".into()),
 			flag_no_dapps: false,
@@ -2104,6 +2109,7 @@ mod tests {
 			ipc: Some(Ipc {
 				disable: None,
 				path: None,
+				chmod: None,
 				apis: Some(vec!["rpc".into(), "eth".into()]),
 			}),
 			dapps: Some(Dapps {

diff --git a/parity/cli/tests/config.full.toml b/parity/cli/tests/config.full.toml
@@ -75,6 +75,7 @@ apis = ["web3", "eth", "net", "parity", "traces", "rpc", "secretstore"]
 hosts = ["none"]
 
 [ipc]
+chmod = "660"
 disable = false
 path = "$HOME/.parity/jsonrpc.ipc"
 apis = ["web3", "eth", "net", "parity", "parity_accounts", "personal", "traces", "rpc", "secretstore"]

diff --git a/parity/configuration.rs b/parity/configuration.rs
@@ -859,6 +859,7 @@ impl Configuration {
 
 	fn ipc_config(&self) -> Result<IpcConfiguration, String> {
 		let conf = IpcConfiguration {
+			chmod: self.args.arg_ipc_chmod.clone(),
 			enabled: !(self.args.flag_ipcdisable || self.args.flag_ipc_off || self.args.flag_no_ipc),
 			socket_addr: self.ipc_path(),
 			apis: {

diff --git a/parity/rpc.rs b/parity/rpc.rs
@@ -76,6 +76,7 @@ impl Default for HttpConfiguration {
 pub struct IpcConfiguration {
 	pub enabled: bool,
 	pub socket_addr: String,
+	pub chmod: String,
 	pub apis: ApiSet,
 }
 
@@ -89,6 +90,7 @@ impl Default for IpcConfiguration {
 				let data_dir = ::dir::default_data_path();
 				parity_ipc_path(&data_dir, "$BASE/jsonrpc.ipc", 0)
 			},
+			chmod: "660".into(),
 			apis: ApiSet::IpcContext,
 		}
 	}
@@ -261,7 +263,16 @@ pub fn new_ipc<D: rpc_apis::Dependencies>(
 		}
 	}
 
-	match rpc::start_ipc(&conf.socket_addr, handler, rpc::RpcExtractor) {
+	// some validations ..
+	let chmod = conf.chmod;
+	let chmod = u16::from_str_radix(&chmod, 8)
+		.map_err(|e| format!("Invalid octal value: {}", e))?;
+
+	if chmod == 0 || chmod > 0o7777 {
+		return Err("Valid octal permissions are within the range 1 to 7777".into())
+	}
+
+	match rpc::start_ipc(&conf.socket_addr, handler, rpc::RpcExtractor, chmod) {
 		Ok(server) => Ok(Some(server)),
 		Err(io_error) => Err(format!("IPC error: {}", io_error)),
 	}

diff --git a/rpc/Cargo.toml b/rpc/Cargo.toml
@@ -28,12 +28,12 @@ tokio-timer = "0.1"
 transient-hashmap = "0.4"
 itertools = "0.5"
 
-jsonrpc-core = "14.0.3"
-jsonrpc-derive = "14.0.3"
-jsonrpc-http-server = "14.0.3"
-jsonrpc-ws-server = "14.0.3"
-jsonrpc-ipc-server = "14.0.3"
-jsonrpc-pubsub = "14.0.3"
+jsonrpc-core = "14.0.5"
+jsonrpc-derive = "14.0.5"
+jsonrpc-http-server = "14.0.5"
+jsonrpc-ws-server = "14.0.5"
+jsonrpc-ipc-server = "14.0.6"
+jsonrpc-pubsub = "14.0.5"
 
 client-traits = { path = "../ethcore/client-traits" }
 common-types = { path = "../ethcore/types" }

diff --git a/rpc/src/lib.rs b/rpc/src/lib.rs
@@ -143,7 +143,12 @@ pub mod tests;
 
 pub use jsonrpc_core::{FutureOutput, FutureResult, FutureResponse, FutureRpcResult};
 pub use jsonrpc_pubsub::Session as PubSubSession;
-pub use ipc::{Server as IpcServer, MetaExtractor as IpcMetaExtractor, RequestContext as IpcRequestContext};
+pub use ipc::{
+	MetaExtractor as IpcMetaExtractor,
+	RequestContext as IpcRequestContext,
+	SecurityAttributes,
+	Server as IpcServer,
+};
 pub use http::{
 	hyper,
 	RequestMiddleware, RequestMiddlewareAction,
@@ -226,13 +231,18 @@ pub fn start_ipc<M, S, H, T>(
 	addr: &str,
 	handler: H,
 	extractor: T,
+	chmod: u16
 ) -> ::std::io::Result<ipc::Server> where
 	M: jsonrpc_core::Metadata,
 	S: jsonrpc_core::Middleware<M>,
 	H: Into<jsonrpc_core::MetaIoHandler<M, S>>,
 	T: IpcMetaExtractor<M>,
 {
+	let attr = SecurityAttributes::empty()
+		.set_mode(chmod as _)?;
+
 	ipc::ServerBuilder::with_meta_extractor(handler, extractor)
+		.set_security_attributes(attr)
 		.start(addr)
 }