Wait for admin goroutine to create control socket before changing user

klemensn · klemensn · commit 6ebc7fa691b3 · 2024-11-03T21:32:58.000+03:00
Otherwise the main goroutine races dropping privileges races against those carrying out privileges tasks at startup. Reproducible at least on OpenBSD/amd64 7.6-current, where it (expectedly) fails to create a UNIX socket in `0755 root:wheel /var/run/` *after* calling setuid(2) to `nobody`: ``` # yggdrasil -autoconf -user nobody 2024/11/03 21:15:27 Build name: yggdrasil-go 2024/11/03 21:15:27 Build version: 0.5.9 ... 2024/11/03 21:15:27 Admin socket failed to listen: listen unix /var/run/yggdrasil.sock: bind: permission denied ``` Rerun, now the order is flipped: ``` # yggdrasil -autoconf -user nobody 2024/11/03 21:15:34 Build name: yggdrasil-go 2024/11/03 21:15:34 Build version: 0.5.9 [...] 2024/11/03 21:15:34 UNIX admin socket listening on /var/run/yggdrasil.sock [...] ``` The `AdminSocket`s `done` channel is insufficient to sync here, waiting for `n.admin.IsStarted()` does not guarantee socket creation, so export a simple boolean instead. This is a minimal fix to prevent startup failure; TUN interface and raw socket creation (to manage routes) might suffer the same problem, but I have not seem them fail yet. Fixes yggdrasil-network#927.
diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go
@@ -281,6 +281,14 @@ func main() {
 		<-done
 	})
 
+	// Wait for other goroutines to finish potentially privileged tasks before dropping privileges.
+	for {
+		// control socket:  UNIX requires filesystem permissions, TCP may use a low privileged port.
+		if n.admin.Created {
+			break
+		}
+	}
+
 	// Change user if requested
 	if *chuserto != "" {
 		err = chuser(*chuserto)
diff --git a/src/admin/admin.go b/src/admin/admin.go
@@ -26,6 +26,7 @@ type AdminSocket struct {
 	config   struct {
 		listenaddr ListenAddress
 	}
+	Created  bool
 }
 
 type AdminSocketRequest struct {
@@ -274,6 +275,7 @@ func (a *AdminSocket) listen() {
 		a.log.Errorf("Admin socket failed to listen: %v", err)
 		os.Exit(1)
 	}
+	a.Created = true
 	a.log.Infof("%s admin socket listening on %s",
 		strings.ToUpper(a.listener.Addr().Network()),
 		a.listener.Addr().String())

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ type AdminSocket struct {`
`26`	`26`	`config struct {`
`27`	`27`	`listenaddr ListenAddress`
`28`	`28`	`}`
	`29`	`+ Created bool`
`29`	`30`	`}`
`30`	`31`
`31`	`32`	`type AdminSocketRequest struct {`
`@@ -274,6 +275,7 @@ func (a *AdminSocket) listen() {`
`274`	`275`	`a.log.Errorf("Admin socket failed to listen: %v", err)`
`275`	`276`	`os.Exit(1)`
`276`	`277`	`}`
	`278`	`+ a.Created = true`
`277`	`279`	`a.log.Infof("%s admin socket listening on %s",`
`278`	`280`	`strings.ToUpper(a.listener.Addr().Network()),`
`279`	`281`	`a.listener.Addr().String())`