Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Defer creation of Unix socket until after setuid

Jamie Nguyen 8 years ago
parent
ec4ef68271
commit
dcbfe46cd6
2 changed files with 12 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      changes/bug17562-defer-unix-socket-creation
  2. 8 0
      src/or/connection.c

+ 4 - 0
changes/bug17562-defer-unix-socket-creation
View File 

@@ -0,0 +1,4 @@
 
+  o Minor bug fixes:
 
+    - Defer creation of Unix sockets until after setuid. This avoids needing
 
+      CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
 
+      chown and fowner when using SELinux.

+ 8 - 0
src/or/connection.c
View File 

@@ -2386,6 +2386,14 @@ retry_listener_ports(smartlist_t *old_conns,
 
     if (port->server_cfg.no_listen)
 
       continue;
 
 
+#ifndef _WIN32
 
+    /* We don't need to be root to create a UNIX socket, so defer until after
 
+     * setuid. */
 
+    const or_options_t *options = get_options();
 
+    if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
 
+      continue;
 
+#endif
 
+
 
     if (port->is_unix_addr) {
 
       listensockaddr = (struct sockaddr *)
 
         create_unix_sockaddr(port->unix_addr,