mirror of
https://passt.top/passt
synced 2025-05-29 04:35:33 +02:00
conf, passt, tap: Open socket and PID files before switching UID/GID
Otherwise, if the user runs us as root, and gives us paths that are only accessible by root, we'll fail to open them, which might in turn encourage users to change permissions or ownerships: definitely a bad idea in terms of security. Reported-by: Minxi Hou <mhou@redhat.com> Reported-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Acked-by: Richard W.M. Jones <rjones@redhat.com>
This commit is contained in:
parent
ba23b05545
commit
c9b2413465
5 changed files with 28 additions and 11 deletions
4
passt.h
4
passt.h
|
@ -185,6 +185,7 @@ struct ip6_ctx {
|
|||
* @sock_path: Path for UNIX domain socket
|
||||
* @pcap: Path for packet capture file
|
||||
* @pid_file: Path to PID file, empty string if not configured
|
||||
* @pidfile_fd: File descriptor for PID file, -1 if none
|
||||
* @pasta_netns_fd: File descriptor for network namespace in pasta mode
|
||||
* @no_netns_quit: In pasta mode, don't exit if fs-bound namespace is gone
|
||||
* @netns_base: Base name for fs-bound namespace, if any, in pasta mode
|
||||
|
@ -234,7 +235,10 @@ struct ctx {
|
|||
int nofile;
|
||||
char sock_path[UNIX_PATH_MAX];
|
||||
char pcap[PATH_MAX];
|
||||
|
||||
char pid_file[PATH_MAX];
|
||||
int pidfile_fd;
|
||||
|
||||
int one_off;
|
||||
|
||||
int pasta_netns_fd;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue