From 3ef720c87e7b468821fe6cf6c21d75850f8f5d49 Mon Sep 17 00:00:00 2001
From: hanli <37435717+hnl1@users.noreply.github.com>
Date: Sat, 28 Feb 2026 13:47:56 +0800
Subject: [PATCH] fix: validate socket file type before removal and tighten
 permissions

- Check file type with stat.S_ISSOCK before unlinking to prevent
  accidental deletion of non-socket files
- Change socket permissions from 0o666 to 0o660 for better security
---
 server.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/server.py b/server.py
index 23f4a91a2..94397aa24 100644
--- a/server.py
+++ b/server.py
@@ -1,5 +1,6 @@
 import os
 import sys
+import stat
 import asyncio
 import traceback
 import time
@@ -1229,11 +1230,14 @@ class PromptServer():
         if verbose:
             logging.info("Starting server\n")
 
-        if os.path.exists(unix_socket):
+        if os.path.lexists(unix_socket):
+            st_mode = os.lstat(unix_socket).st_mode
+            if not stat.S_ISSOCK(st_mode):
+                raise RuntimeError(f"Refusing to remove non-socket path: {unix_socket}")
             os.unlink(unix_socket)
         site = web.UnixSite(runner, unix_socket)
         await site.start()
-        os.chmod(unix_socket, 0o666)
+        os.chmod(unix_socket, 0o660)
         self.address = unix_socket
         self.port = None
         self.unix_socket = unix_socket