You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2014/11/04 23:17:34 UTC
[jira] [Commented] (TS-1263) owner of mgmtapisocket can change if
not compiling with libcap
[ https://issues.apache.org/jira/browse/TS-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196950#comment-14196950 ]
Susan Hinrichs commented on TS-1263:
------------------------------------
Alan plans on eliminating the race condition.
Would be incredibly valuable to find privilege separate tools on Solaris and BSD.
> owner of mgmtapisocket can change if not compiling with libcap
> --------------------------------------------------------------
>
> Key: TS-1263
> URL: https://issues.apache.org/jira/browse/TS-1263
> Project: Traffic Server
> Issue Type: Bug
> Components: Manager
> Affects Versions: 3.1.3
> Reporter: Bryan Call
> Assignee: Alan M. Carroll
> Fix For: 5.3.0
>
>
> Sometimes the ownership of mgmtapisocket is nobody and sometimes it is root. This is only seen if you don't link with libcap.
> The thread that creates the unix-socket (mgmtapisocket) is created before ATS binds its ports. There is a race between seteuid() called from restoreRootPriv() before we bind() the sockets and the creation of the unix-socket in the "web agent thread".
> If ATS binds the ports before the thread is created that creates mgmtapisocket then the proper ownership of mgmtapisocket happens (owned by nobody).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)