commit 7843333165edf3bdaa739cd96c701e1b7d53aa81
from: Stefan Sperling <stsp@stsp.name>
date: Wed Jan 04 19:46:20 2023 UTC

expose 'gotctl info' output only to the root user

Now that anyone can connect to the socket, it is probably safer to
expose information about currently connected clients only to root.

commit - 3a1c1a1b20ae87fe3c8fe3d040d16e816ff0905c
commit + 7843333165edf3bdaa739cd96c701e1b7d53aa81
blob - d41a6e1a949b1556352b5d6b79871935dd15e95a
blob + 07c32a0a3163a6d2e93ca633c2b16134f6043ad9
--- gotctl/gotctl.8
+++ gotctl/gotctl.8
@@ -58,6 +58,7 @@ are as follows:
 Display information about a running
 .Xr gotd 8
 instance.
+This operation requires root privileges.
 .It Cm stop
 Stop a running
 .Xr gotd 8
blob - 889d8f29f10dc0d2fd25bab36acde18ffacaa943
blob + e50353765bff681f33ccb4684dc31c73acce7967
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -527,6 +527,9 @@ send_info(struct gotd_client *client)
 	uint64_t slot;
 	struct gotd_repo *repo;
 
+	if (client->euid != 0)
+		return got_error_set_errno(EPERM, "info");
+
 	info.pid = gotd.pid;
 	info.verbosity = gotd.verbosity;
 	info.nrepos = gotd.nrepos;