Ticket #17562: 0003-Defer-creation-of-Unix-socket-until-after-setuid.patch

File 0003-Defer-creation-of-Unix-socket-until-after-setuid.patch, 1.5 KB (added by jamielinux, 4 years ago)
  • new file changes/bug17562-defer-unix-socket-creation

    From c4fbdc2d3a0d3e54bb9ad1238be87390bd04dc9b Mon Sep 17 00:00:00 2001
    From: Jamie Nguyen <j@jamielinux.com>
    Date: Fri, 13 Nov 2015 13:57:11 +0000
    Subject: [PATCH 3/3] Defer creation of Unix socket until after setuid
    
    ---
     changes/bug17562-defer-unix-socket-creation | 4 ++++
     src/or/connection.c                         | 8 ++++++++
     2 files changed, 12 insertions(+)
     create mode 100644 changes/bug17562-defer-unix-socket-creation
    
    diff --git a/changes/bug17562-defer-unix-socket-creation b/changes/bug17562-defer-unix-socket-creation
    new file mode 100644
    index 0000000..f1896c0
    - +  
     1  o Minor bug fixes:
     2    - Defer creation of Unix sockets until after setuid. This avoids needing
     3      CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
     4      chown and fowner when using SELinux.
  • src/or/connection.c

    diff --git a/src/or/connection.c b/src/or/connection.c
    index 78176d3..f2a82dd 100644
    a b retry_listener_ports(smartlist_t *old_conns, 
    23812381    if (port->server_cfg.no_listen)
    23822382      continue;
    23832383
     2384#ifndef _WIN32
     2385    /* We don't need to be root to create a UNIX socket, so defer until after
     2386     * setuid. */
     2387    const or_options_t *options = get_options();
     2388    if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
     2389      continue;
     2390#endif
     2391
    23842392    if (port->is_unix_addr) {
    23852393      listensockaddr = (struct sockaddr *)
    23862394        create_unix_sockaddr(port->unix_addr,