Defer creation of Unix socket until after setuid

Jamie Nguyen 2015-11-13 13:57:11 +00:00 committed by Nick Mathewson
parent ec4ef68271
commit dcbfe46cd6
2 changed files with 12 additions and 0 deletions


@ -0,0 +1,4 @@
o Minor bug fixes:
- Defer creation of Unix sockets until after setuid. This avoids needing
CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
chown and fowner when using SELinux.


@ -2386,6 +2386,14 @@ retry_listener_ports(smartlist_t *old_conns,
if (port->server_cfg.no_listen) if (port->server_cfg.no_listen)
continue; continue;
#ifndef _WIN32
/* We don't need to be root to create a UNIX socket, so defer until after
* setuid. */
const or_options_t *options = get_options();
if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
continue;
#endif
if (port->is_unix_addr) { if (port->is_unix_addr) {
listensockaddr = (struct sockaddr *) listensockaddr = (struct sockaddr *)
create_unix_sockaddr(port->unix_addr, create_unix_sockaddr(port->unix_addr,
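Review bot: The added guard calls `strcmp(options->User, "root")` without first checking that `options->User` is set; if the process runs as root with no User configured and that field is NULL (not visible in this hunk, so worth confirming), this is a NULL dereference at startup. Test the pointer first, `if (port->is_unix_addr && !geteuid() && options->User && strcmp(options->User, "root"))`, so that a root process which will never call setuid creates its socket right away. Comparing the name with "root" also misses a User that maps to uid 0 under another name, in which case the listener is deferred although no privilege drop changes the uid. The comment could say where the skipped port is retried after setuid, since retry_listener_ports begins and ends outside the hunk and that path cannot be checked here.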