|
|
3addba3 |
From c4fbdc2d3a0d3e54bb9ad1238be87390bd04dc9b Mon Sep 17 00:00:00 2001
|
|
|
3addba3 |
From: Jamie Nguyen <j@jamielinux.com>
|
|
|
3addba3 |
Date: Fri, 13 Nov 2015 13:57:11 +0000
|
|
|
3addba3 |
Subject: [PATCH 3/3] Defer creation of Unix socket until after setuid
|
|
|
3addba3 |
|
|
|
3addba3 |
---
|
|
|
3addba3 |
changes/bug17562-defer-unix-socket-creation | 4 ++++
|
|
|
3addba3 |
src/or/connection.c | 8 ++++++++
|
|
|
3addba3 |
2 files changed, 12 insertions(+)
|
|
|
3addba3 |
create mode 100644 changes/bug17562-defer-unix-socket-creation
|
|
|
3addba3 |
|
|
|
3addba3 |
diff --git a/changes/bug17562-defer-unix-socket-creation b/changes/bug17562-defer-unix-socket-creation
|
|
|
3addba3 |
new file mode 100644
|
|
|
3addba3 |
index 0000000..f1896c0
|
|
|
3addba3 |
--- /dev/null
|
|
|
3addba3 |
+++ b/changes/bug17562-defer-unix-socket-creation
|
|
|
3addba3 |
@@ -0,0 +1,4 @@
|
|
|
3addba3 |
+ o Minor bug fixes:
|
|
|
3addba3 |
+ - Defer creation of Unix sockets until after setuid. This avoids needing
|
|
|
3addba3 |
+ CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
|
|
|
3addba3 |
+ chown and fowner when using SELinux.
|
|
|
3addba3 |
diff --git a/src/or/connection.c b/src/or/connection.c
|
|
|
3addba3 |
index 78176d3..f2a82dd 100644
|
|
|
3addba3 |
--- a/src/or/connection.c
|
|
|
3addba3 |
+++ b/src/or/connection.c
|
|
|
3addba3 |
@@ -2381,6 +2381,14 @@ retry_listener_ports(smartlist_t *old_conns,
|
|
|
3addba3 |
if (port->server_cfg.no_listen)
|
|
|
3addba3 |
continue;
|
|
|
3addba3 |
|
|
|
3addba3 |
+#ifndef _WIN32
|
|
|
3addba3 |
+ /* We don't need to be root to create a UNIX socket, so defer until after
|
|
|
3addba3 |
+ * setuid. */
|
|
|
3addba3 |
+ const or_options_t *options = get_options();
|
|
|
3addba3 |
+ if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
|
|
|
3addba3 |
+ continue;
|
|
|
3addba3 |
+#endif
|
|
|
3addba3 |
+
|
|
|
3addba3 |
if (port->is_unix_addr) {
|
|
|
3addba3 |
listensockaddr = (struct sockaddr *)
|
|
|
3addba3 |
create_unix_sockaddr(port->unix_addr,
|
|
|
3addba3 |
--
|
|
|
3addba3 |
2.5.0
|
|
|
3addba3 |
|