fixup! FIX Restrict socket permissions and manage ACLs if needed

chibenwa · chibenwa · commit e5afc91c9a2a · 2025-02-26T10:53:54.000+01:00
diff --git a/runner-core/src/main/java/org/apache/apisix/plugin/runner/server/ApplicationRunner.java b/runner-core/src/main/java/org/apache/apisix/plugin/runner/server/ApplicationRunner.java
@@ -26,13 +26,11 @@
 import java.nio.file.attribute.AclEntryPermission;
 import java.nio.file.attribute.AclEntryType;
 import java.nio.file.attribute.AclFileAttributeView;
-import java.nio.file.attribute.PosixFilePermission;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 import java.util.Optional;
-import java.util.Set;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -136,16 +134,11 @@ public void start(String path) throws Exception {
         }
     }
 
-    private static void manageSocketPermissions(String pathString) throws IOException {
-        Set<PosixFilePermission> permissions = Set.of(
-            PosixFilePermission.OWNER_READ,
-            PosixFilePermission.OWNER_WRITE,
-            PosixFilePermission.OWNER_EXECUTE);
-        Path path = Paths.get(pathString);
-        Files.setPosixFilePermissions(path, permissions);
+    private static void manageSocketPermissions(String socketFile) throws IOException {
+        Runtime.getRuntime().exec("chmod 700 " + socketFile);
 
         if (!SOCKET_ALLOWED_USERS.isEmpty()) {
-            Optional.ofNullable(Files.getFileAttributeView(path, AclFileAttributeView.class))
+            Optional.ofNullable(Files.getFileAttributeView(Paths.get(socketFile), AclFileAttributeView.class))
                 .orElseThrow(() -> new UnsupportedOperationException("ACLs are not supported on this filesystem."))
                 .setAcl(SOCKET_ALLOWED_USERS.stream()
                     .map(ApplicationRunner::computeAclEntry)
