From 95a08857f10c4eb1233c8a3f07845a2000b87d36 Mon Sep 17 00:00:00 2001
From: Luca Casonato <lucacasonato@yahoo.com>
Date: Mon, 27 Apr 2020 22:56:24 +0200
Subject: [PATCH] Make unix sockets require allow-write (#4939)

---
 cli/js/lib.deno.ns.d.ts | 4 ++--
 cli/ops/net.rs          | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/cli/js/lib.deno.ns.d.ts b/cli/js/lib.deno.ns.d.ts
index 7a04776822..ffa560a73f 100644
--- a/cli/js/lib.deno.ns.d.ts
+++ b/cli/js/lib.deno.ns.d.ts
@@ -1919,7 +1919,7 @@ declare namespace Deno {
    *
    *     const listener = Deno.listen({ address: "/foo/bar.sock", transport: "unix" })
    *
-   * Requires `allow-read` permission. */
+   * Requires `allow-read` and `allow-write` permission. */
   export function listen(
     options: UnixListenOptions & { transport: "unix" }
   ): Listener;
@@ -1940,7 +1940,7 @@ declare namespace Deno {
    *
    *     const listener = Deno.listen({ address: "/foo/bar.sock", transport: "unixpacket" })
    *
-   * Requires `allow-read` permission. */
+   * Requires `allow-read` and `allow-write` permission. */
   export function listen(
     options: UnixListenOptions & { transport: "unixpacket" }
   ): DatagramConn;
diff --git a/cli/ops/net.rs b/cli/ops/net.rs
index a9b1e0051b..415d2cecc3 100644
--- a/cli/ops/net.rs
+++ b/cli/ops/net.rs
@@ -521,6 +521,7 @@ fn op_listen(
     } if transport == "unix" || transport == "unixpacket" => {
       let address_path = net_unix::Path::new(&args.address);
       state.check_read(&address_path)?;
+      state.check_write(&address_path)?;
       let (rid, local_addr) = if transport == "unix" {
         net_unix::listen_unix(&mut resource_table, &address_path)?
       } else {