mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-20 21:16:22 +02:00
Defer creation of Unix socket until after setuid
parent
ec4ef68271
commit
dcbfe46cd6
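--- /dev/null
+++ b/changes/bug17562-defer-unix-socket-creation
@@ -0,0 +1,4 @@
+o Minor bug fixes:
+- Defer creation of Unix sockets until after setuid. This avoids needing
+CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
+chown and fowner when using SELinux.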
@ -2386,6 +2386,14 @@ retry_listener_ports(smartlist_t *old_conns,
|
||||
if (port->server_cfg.no_listen)
|
||||
continue;
|
||||
|
||||
#ifndef _WIN32
|
||||
/* We don't need to be root to create a UNIX socket, so defer until after
|
||||
* setuid. */
|
||||
const or_options_t *options = get_options();
|
||||
if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
|
||||
continue;
|
||||
#endif
|
||||
|
||||
if (port->is_unix_addr) {
|
||||
listensockaddr = (struct sockaddr *)
|
||||
create_unix_sockaddr(port->unix_addr,
|
||||
|
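Review bot: The added condition passes `options->User` straight to `strcmp()`, and nothing in the hunk shows that it is non-NULL; if the option can be unset when tor is started as root, this is a null-pointer dereference during listener setup. Guarding the pointer keeps the deferral limited to the case it is meant for: `if (port->is_unix_addr && !geteuid() && options->User && strcmp(options->User, "root"))`. With that guard, a root process with no User configured creates the socket immediately, which fits because no setuid would follow. The `continue` also assumes the listener pass runs again after privileges are dropped, otherwise the Unix socket is never opened; that call site is not visible here, and the enclosing loop in retry_listener_ports starts and ends outside the hunk.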