linux sigar_proc_port_get assumes effective UID of bound socket & process are the same #7

Open
dademurphy opened this Issue · 0 comments


This assumption is violated if the process binds the socket as root, and later drops its effective UID for security.

We discovered this recently with stunnel, when configured to run as non-root user 'stunnel4'.

To replicate:

  • apt-get stunnel on debian or ubuntu
  • Edit /etc/default/stunnel4, and set ENABLED=1

Play with enabling/disabling the setuid/setgid options in /etc/stunnel/stunnel.conf. Assume $port is a port bound by stunnel.

Using the Ruby bindings & running irb as root, Sigar.new().proc_port(Sigar::NETCONN_TCP, $port) returns the stunnel PID when stunnel is also running as root. 0 is returned if stunnel drops to user 'stunnel4'.
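An added illustration of the mismatch reported above (not sigar's code and not part of the original issue): the uid column of a `/proc/net/tcp` row records the owner set when the socket was created and does not follow a later setuid, so a port-to-PID lookup that skips processes with a different effective UID returns 0, while matching on the socket inode alone still finds the owner. The sample row, PIDs, UID 110, inode numbers and all function names are constructed for this example.

```c
#include <stdio.h>

/* Constructed sample: one LISTEN row in /proc/net/tcp format.
   Port 0x01BB (443), uid 0 and inode 15234 are made-up values. */
static const char *SAMPLE_ROW =
    "   0: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000"
    "     0        0 15234 1 0000000000000000 100 0 0 10 0";

struct listener { unsigned port; unsigned uid; unsigned long inode; };
/* Constructed process entry: pid, effective UID, and the socket inode one of its
   descriptors refers to (what /proc/<pid>/fd/<n> shows as "socket:[inode]"). */
struct proc { int pid; unsigned euid; unsigned long sock_inode; };

/* Constructed scenarios: pid 2101 binds as root, then (second table) drops to uid 110. */
static const struct proc AS_ROOT[]    = { {1, 0, 9001}, {2101, 0,   15234} };
static const struct proc AFTER_DROP[] = { {1, 0, 9001}, {2101, 110, 15234} };

/* Extract port, socket uid and inode from a LISTEN (state 0A) row; 0 on success. */
int parse_row(const char *row, struct listener *out) {
    unsigned st;
    int n = sscanf(row, " %*d: %*8x:%4x %*8x:%*4x %2x %*8x:%*8x %*2x:%*8x %*8x %u %*d %lu",
                   &out->port, &st, &out->uid, &out->inode);
    return (n == 4 && st == 0x0A) ? 0 : -1;
}

/* Return the pid holding the listener's inode, or 0 if none is found.
   With same_uid_only set, processes whose effective UID differs from the socket's
   uid are skipped, which models the assumption named in the issue title. */
int find_pid(const struct listener *l, const struct proc *tab, size_t n, int same_uid_only) {
    for (size_t i = 0; i < n; i++) {
        if (same_uid_only && tab[i].euid != l->uid) continue;
        if (tab[i].sock_inode == l->inode) return tab[i].pid;
    }
    return 0;
}

/* Parse the sample row, then resolve its owner in the given process table. */
int lookup(const struct proc *tab, size_t n, int same_uid_only) {
    struct listener l;
    if (parse_row(SAMPLE_ROW, &l) != 0) return -1;
    return find_pid(&l, tab, n, same_uid_only);
}

int main(void) {
    printf("still root, uid filter:     %d\n", lookup(AS_ROOT, 2, 1));
    printf("dropped to 110, uid filter: %d\n", lookup(AFTER_DROP, 2, 1));
    printf("dropped to 110, inode only: %d\n", lookup(AFTER_DROP, 2, 0));
    return 0;
}
```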
