-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create admin socket synchronously before privdrop #1201
Create admin socket synchronously before privdrop #1201
Conversation
In a single-core VM the timing is different enough for above mentioned
|
Anyone? Introducing this synchronisation point allows me to also reliably drop privileges further via pledge(2) on OpenBSD, since it is then guaranteed that the socket is set up already, see #1193 (comment) |
Not ignoring this, I just haven't had the time for the last week to review PRs due to work and other things. I'll try to take a look later today. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if the better approach might just be to move some of the initialisation logic out of the listen()
goroutine and into New()
, such that by the time the function returns, we know if it succeeded or failed and the listener would already be created?
Creating UNIX sockets the listen() goroutine that races against the main one dropping to an unprivileged user may cause startup failure when privdrop happens before privileged filesystem access. Setup or fail in New() and only do listen(2) in listen() to avoid this.
2e1b896
to
7fa3651
Compare
That also works, thanks; I've updated the PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thanks!
Creating UNIX sockets the listen() goroutine that races against the main
one dropping to an unprivileged user may cause startup failure when
privdrop happens before privileged filesystem access.
Setup or fail in New() and only do listen(2) in listen() to avoid this.
Rerun, now the order is flipped:
Fixes #927.