7762 – tlstunnel still runs as root on Debian/Ubuntu

Bug 7762 - tlstunnel still runs as root on Debian/Ubuntu

Summary: tlstunnel still runs as root on Debian/Ubuntu

Status:	CLOSED FIXED

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Misc (show other bugs)
Version:	trunk
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	4.14.0
Assignee:	Pierre Ossman

URL:
Keywords:	nikle_tester, prosaic

Depends on:
Blocks:

Reported:	2021-09-02 14:51 CEST by Pierre Ossman
Modified:	2021-09-07 16:15 CEST (History)
CC List:	1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio

2021-09-02 14:51:40 CEST

In bug 5045 we changed tlstunnel to drop root privileges once they were no longer needed. Unfortunately we didn't properly test it as it doesn't work on Debian derived distributions, such as Ubuntu.

The problem is that Debian doesn't have the group "nobody". Instead they have "nogroup". Our code needs to be prepared to deal with both.

Comment 1 Pierre Ossman cendio

2021-09-02 14:53:44 CEST

This is seen in the log if you enable debug logging:

> 2021-09-02 12:48:24 DEBUG tlwebaccess[318576]: [::ffff:10.48.0.7] Could not look up 'nobody' group: Success

Comment 4 Pierre Ossman cendio

2021-09-03 11:08:15 CEST

Works well now. Tested on Ubuntu 20.04.

Comment 5 Niko Lehto cendio

2021-09-07 16:15:33 CEST

Tested on Ubuntu 18.04.
I could reproduce the issue on 4.13.0. Works good with build 2263 containing the changes.

Note You need to log in before you can comment on or make changes to this bug.