Allow running workers as root, if both UID and GID are specified as root.

Fixes #320

Originally, running workers as root was disabled, as unintentional
root privileges are a security threat.

But if the user really wants to run hitch as root, it is possible now,
it is just difficult enough not to happen by default configuration
values.
dmatetelki authored and daghf committed Nov 22, 2019
1 parent 9c13b2b commit 55b2f62
Showing 2 changed files with 19 additions and 11 deletions.
2 changes: 2 additions & 0 deletions docs/configuration.md
@@ -50,6 +50,8 @@ If you're handling a large number of connections, you'll probably want to raise
If you are listening to ports under 1024 (443 comes to mind), you need
to start Hitch as root. In those cases you *must* use --user/-u to set
a non-privileged user `hitch` can setuid() to.
If you are aware of the security implications and insist on running the worker
threads as root too, both the user and the group must be set to root.


## Preparing PEM files
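Review bot: the added sentence says the user and group "must be set to root" but does not say which options do that; the paragraph above names `--user/-u` for the user, so name the group option alongside it (for example "both `--user` and the group option must be set to `root`") so readers understand the check is on the configured UID and GID, not on how hitch was launched. It would also help to state the consequence the code enforces: with only one of the two set to root, the worker processes refuse to start.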
28 changes: 17 additions & 11 deletions src/hitch.c
@@ -2994,6 +2994,20 @@ drop_privileges(void)
#endif
}

static int
verify_privileges(void)
{
if (geteuid() == 0 &&
!(CONFIG->UID == 0 && CONFIG->GID == 0)) {
ERR("{core} ERROR: "
"Refusing to run workers as root, "
"unless user and group is explicitly set"
" to root.\n");
return (0);
}
return (1);
}

static int
backaddr_init_uds(void)
{
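Review bot: the message text "unless user and group is explicitly set to root" should read "are explicitly set". More substantively, verify_privileges() consults only geteuid(); whether the group was actually dropped is inferred from CONFIG->GID rather than from the process itself. Consider also testing getegid() == 0, so a worker that ends up with a non-root euid but egid 0 is reported too, and the refusal reflects the identity the process really holds after drop_privileges().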
@@ -3132,11 +3146,8 @@ start_workers(int start_index, int count)
change_root();
if (CONFIG->UID >= 0 || CONFIG->GID >= 0)
drop_privileges();
if (geteuid() == 0) {
ERR("{core} ERROR: "
"Refusing to run workers as root.\n");
if (!verify_privileges())
_exit(1);
}
handle_connections(pfd[0]);
exit(0);
} else { /* parent. Track new child. */
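Review bot: the same `if (CONFIG->UID >= 0 || CONFIG->GID >= 0) drop_privileges(); if (!verify_privileges()) _exit(1);` sequence now appears here and in start_ocsp_proc(); consider folding the drop and the verification into one helper (for instance drop_privileges() returning the verify result) so the two child-setup paths cannot drift apart again. Using `_exit(1)` rather than `exit(1)` in the forked child is correct, since it avoids running the parent's atexit handlers and flushing stdio buffers inherited across fork().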
@@ -3157,11 +3168,8 @@ start_ocsp_proc(void)
} else if (ocsp_proc_pid == 0) {
if (CONFIG->UID >= 0 || CONFIG->GID >= 0)
drop_privileges();
if (geteuid() == 0) {
ERR("{core} ERROR: "
"Refusing to run workers as root.\n");
if (!verify_privileges())
_exit(1);
}
handle_ocsp_task();
}
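Review bot: verify_privileges() logs "Refusing to run workers as root" from the OCSP child as well; since the message is now shared, either make it generic ("Refusing to run as root") or pass a short description of the caller so the log distinguishes an OCSP-process refusal from a worker refusal.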

@@ -3985,10 +3993,8 @@ main(int argc, char **argv)
exit(1);
}

if (geteuid() == 0 && CONFIG->UID < 0) {
ERR("{core} ERROR: Refusing to run workers as root.\n");
if (!verify_privileges())
exit(1);
}

if (CONFIG->DAEMONIZE)
daemonize();
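Review bot: this replacement changes behaviour for the documented case of starting as root with `--user` set to a non-root account. The removed condition `geteuid() == 0 && CONFIG->UID < 0` refused only when no user was configured; verify_privileges() refuses whenever the effective uid is 0 and CONFIG->UID/CONFIG->GID are not both 0. At this point in main() no drop_privileges() has run, so `hitch --user hitch` launched as root (which the docs hunk says is required for ports under 1024) has geteuid() == 0 and CONFIG->UID != 0, and exits with the "Refusing to run workers as root" error. Keep the original pre-fork test on `CONFIG->UID < 0` here, or give verify_privileges() a pre-drop mode that validates the configured ids rather than the current euid, and leave the euid-based check to the children after drop_privileges().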
