fix: validate socket file type before removal and tighten permissions

- Check file type with stat.S_ISSOCK before unlinking to prevent accidental deletion of non-socket files - Change socket permissions from 0o666 to 0o660 for better security
2026-03-17 15:15:00 +08:00 · 2026-02-28 13:47:56 +08:00 · 2026-02-28 13:47:56 +08:00 · 3ef720c87e
commit 3ef720c87e
parent 5e662fedc6
1 changed files with 6 additions and 2 deletions
--- a/server.py
+++ b/server.py
@ -1,5 +1,6 @@
 import os
 import sys
+import stat
 import asyncio
 import traceback
 import time
@ -1229,11 +1230,14 @@ class PromptServer():
        if verbose:
            logging.info("Starting server\n")

-        if os.path.exists(unix_socket):
+        if os.path.lexists(unix_socket):
+            st_mode = os.lstat(unix_socket).st_mode
+            if not stat.S_ISSOCK(st_mode):
+                raise RuntimeError(f"Refusing to remove non-socket path: {unix_socket}")
            os.unlink(unix_socket)
        site = web.UnixSite(runner, unix_socket)
        await site.start()
-        os.chmod(unix_socket, 0o666)
+        os.chmod(unix_socket, 0o660)
        self.address = unix_socket
        self.port = None
        self.unix_socket = unix_socket