[Varnish] #1699: Binding to port 80 fail. (privs dropped by then)
Varnish
varnish-bugs at varnish-cache.org
Tue Apr 7 12:46:23 CEST 2015
#1699: Binding to port 80 fail. (privs dropped by then)
----------------------+-------------------
Reporter: lkarsten | Owner:
Type: defect | Status: new
Priority: high | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Keywords:
----------------------+-------------------
git master 6044905 drops privileges before it tries to bind to port 80,
which leads to permission denied and a non-starting varnishd.
Expected behaviour: bind to privileged ports before setresuid() and
setresgid().
{{{
6526 execve("/opt/varnish/sbin/varnishd", ["/opt/varnish/sbin/varnishd",
"-P", "/var/run/varnish/varnishd.pid", "-a", ":80", "-T",
"localhost:6082", "-f", "/etc/varnish/default4.vcl", "-S",
"/etc/varnish/secret", "-p", "nuke_limit=50000", "-p",
"fetch_chunksize=8k", "-p", ...], [/* 27 vars */]) = 0
[..]
6526 setresgid(-1, 125, -1) = 0
6526 setresuid(-1, 118, -1) = 0
[..]
6526 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
6526 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
6526 bind(3, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EACCES (Permission denied)
6526 close(3) = 0
6526 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 3
6526 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
6526 setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
6526 bind(3, {sa_family=AF_INET6, sin6_port=htons(80),
inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0},
28) = -1 EACCES (Permission denied)
6526 close(3) = 0
6526 write(2, "Error: Could not bind to address"..., 56) = 56
6526 exit_group(2) = ?
6526 +++ exited with 2 +++
}}}
(uid 118 == varnish user, gid 125 == varnish group)
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1699>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
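
The ordering problem visible in the strace above can be checked mechanically. This is an added example, not part of the ticket or of Varnish's code: a Python function (`find_late_binds` and the sample trace are constructed here) that flags `bind()` calls to ports below 1024 issued after `setresuid()` set a non-root effective uid. It assumes the traced process starts with effective uid 0 and has no other way to bind low ports (such as CAP_NET_BIND_SERVICE).

```python
import re

# Constructed sample: a shortened copy of the strace lines in the ticket,
# with the mail-wrapped lines rejoined.
SAMPLE = """\
6526 setresgid(-1, 125, -1) = 0
6526 setresuid(-1, 118, -1) = 0
6526 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
6526 bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EACCES (Permission denied)
6526 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 3
6526 bind(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
"""

# Successful setresuid(ruid, euid, suid); -1 means "leave unchanged".
SETRESUID = re.compile(r"^(\d+)\s+setresuid\((-?\d+), (-?\d+), (-?\d+)\)\s+= 0")
# bind() on an AF_INET/AF_INET6 address, with return value and optional errno.
BIND = re.compile(
    r"^(\d+)\s+bind\(\d+, \{.*?sin6?_port=htons\((\d+)\).*\)\s+= (-?\d+)(?: (\w+))?"
)

def find_late_binds(trace, start_euid=0):
    """Return (pid, port, euid, errno) for every bind() to a port < 1024
    made while the process's effective uid was already non-root."""
    euid = {}       # pid -> effective uid after the last setresuid()
    findings = []
    for line in trace.splitlines():
        m = SETRESUID.match(line)
        if m:
            new_euid = int(m.group(3))
            if new_euid != -1:
                euid[m.group(1)] = new_euid
            continue
        m = BIND.match(line)
        if m:
            pid, port, ret = m.group(1), int(m.group(2)), int(m.group(3))
            current = euid.get(pid, start_euid)
            if port < 1024 and current != 0:
                errno = m.group(4) if ret == -1 else None
                findings.append((int(pid), port, current, errno))
    return findings

if __name__ == "__main__":
    for pid, port, uid, errno in find_late_binds(SAMPLE):
        print(f"pid {pid}: bind to port {port} as euid {uid} -> {errno}")
```
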