uwsgi_bind_sockets should not call uwsgi_as_root, it prevents drop-after-init and drop-after-apps #1519
Comments
Any chance you can open a PR please?
RobertDeRose added a commit to RobertDeRose/uwsgi that referenced this issue May 2, 2017
Moved all calls to `uwsgi_as_root` into `uwsgi.c` so that all handling of privilege dropping is in the same file. Added extra checks to ensure that privileges are properly dropped when the user requests them to be dropped. This closes unbit#1519
Done @xrmx
RobertDeRose added a commit to RobertDeRose/uwsgi that referenced this issue May 3, 2017
Moved all calls to `uwsgi_as_root` into `uwsgi.c` so that all handling of privilege dropping is in the same file. Added extra checks to ensure that privileges are properly dropped when the user requests them to be dropped. This closes unbit#1519
xrmx pushed a commit to xrmx/uwsgi that referenced this issue May 20, 2017
Moved all calls to `uwsgi_as_root` into `uwsgi.c` so that all handling of privilege dropping is in the same file. Added extra checks to ensure that privileges are properly dropped when the user requests them to be dropped. This closes unbit#1519
I had to add a bit of logging and some stack_trace print outs to figure this out, but, if you need your application to load as root, say to read a configuration file with sensitive data like a DB password, before privileges are dropped, using the `--drop-after-apps` option would appear to be the correct answer. Unfortunately, the default behavior of uWSGI causes this logic to get superseded in the `core/socket.c:uwsgi_bind_sockets` where it checks if `uwsgi.chown_socket` is true and then only cares if `uwsgi.master_as_root` is false, failing to ensure that `uwsgi.drop_after_init` and `uwsgi_drop_after_app` are also false.

Since `uwsgi_setup` and `uwsgi_start` already handle the privilege dropping by calling `uwsgi_as_root` in all the right places, the separate call to it should just be removed from the `core/socket.c` file altogether.

I have tested this change on Debian 8.7 using uWSGI 2.0.7 and the issue still appears in master.

Here is the log output with the stack_trace included after every call to `uwsgi_as_root` as well as some additional log statements for tracking:

Before Change

After Change
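
The ordering problem reported in this issue, as an added example that is not part of the original issue, its logs, or the uWSGI source: a simplified model of three privilege-drop points, comparing the socket-bind check as the issue describes it with one that also honours the two `drop-after` options. The phase names, struct layout and function names are assumptions made for illustration, and the guarded check models the missing condition the issue names rather than the committed fix.

```c
#include <stdio.h>

/* Simplified model (an assumption): three privilege-drop points, in startup order. */
enum phase { PH_BIND_SOCKETS, PH_AFTER_INIT, PH_AFTER_APPS, PH_NONE };

/* Field names mirror the options named in the issue. */
struct opts { int chown_socket, master_as_root, drop_after_init, drop_after_apps; };

/* Socket-bind check as the issue describes it: only master_as_root is consulted. */
static int bind_drops_reported(const struct opts *o) {
    return o->chown_socket && !o->master_as_root;
}

/* Same check with the conditions the issue says are missing. */
static int bind_drops_guarded(const struct opts *o) {
    return bind_drops_reported(o) && !o->drop_after_init && !o->drop_after_apps;
}

/* First modelled point at which privileges are dropped. */
enum phase first_drop(const struct opts *o, int guarded) {
    if (guarded ? bind_drops_guarded(o) : bind_drops_reported(o))
        return PH_BIND_SOCKETS;
    if (o->drop_after_init) return PH_AFTER_INIT;
    if (o->drop_after_apps) return PH_AFTER_APPS;
    return PH_NONE;
}

/* Apps are loaded before PH_AFTER_APPS, so they run as root only if no earlier drop fired. */
int apps_load_as_root(const struct opts *o, int guarded) {
    return first_drop(o, guarded) >= PH_AFTER_APPS;
}

int main(void) {
    static const char *name[] = { "bind-sockets", "after-init", "after-apps", "none" };
    /* Enumerate all 16 flag combinations; print those where the two checks disagree. */
    for (int bits = 0; bits < 16; bits++) {
        struct opts o = { bits & 1, (bits >> 1) & 1, (bits >> 2) & 1, (bits >> 3) & 1 };
        enum phase r = first_drop(&o, 0), g = first_drop(&o, 1);
        if (r != g)
            printf("chown=%d master_as_root=%d after_init=%d after_apps=%d: "
                   "reported=%s guarded=%s\n", o.chown_socket, o.master_as_root,
                   o.drop_after_init, o.drop_after_apps, name[r], name[g]);
    }
    return 0;
}
```

In this model the two checks disagree only when `chown_socket` is set, `master_as_root` is clear, and at least one of the `drop-after` options is requested.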