waynew left a comment
I'm not particularly sure how to test for this aside from an integration test (at least using the definition I used on the Salt Project).
I went ahead and implemented my own little sample Python asyncio server on my Test Clinic tonight, and verified that setuid to nobody before server creation like we were doing will throw the permissions error.
I'm not 100% positive about any security implications, I'm assuming that the correct thing happens here once we hit the setuid line, but... not positive.
It would be nice if we could have some automated tests for this, but... I am OK with it. FWIW #370 would have a conflict here if we end up merging that one first.
Or vice versa 🙃
Note that there is a QA issue with comment line being a little too long.
Listening to a port < 1024 without `--nosetuid` leads to a permission error. The UID change is done too early: we should first open the port, then change the UID. Fixes aio-libs#304
Hello @pepoluan, is there a chance this can be looked at? Thanks

I'll see what I can do this weekend.
What do these changes do?
Listening to a port < 1024 without `--nosetuid` leads to a permission error. The UID change is done too early: we should first open the port, then change the UID.
Are there changes in behavior for the user?
Users can now drop privileges while listening to port < 1024.
Related issue number
Fixes #304
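The ordering this pull request describes, as an added example that is not code from the PR or the project: the listening socket is opened while the process is still privileged, and only then are privileges dropped. It goes slightly beyond the page by also clearing supplementary groups and setting the GID before the UID; the names `bind_then_drop`, `drop_privileges`, the `osmod` test hook and port 25 are assumptions made for illustration.

```python
import asyncio
import os
import pwd
import socket


def drop_privileges(username="nobody", osmod=os):
    """Give up root for good. Order matters: groups, then GID, then UID."""
    entry = pwd.getpwnam(username)
    osmod.setgroups([])           # clear supplementary groups while still root
    osmod.setgid(entry.pw_gid)    # after setuid() we would no longer be allowed to
    osmod.setuid(entry.pw_uid)    # last step: real, effective and saved UID change
    return entry.pw_uid


def bind_then_drop(host, port, username="nobody", osmod=os):
    """Open the listening socket first, then drop privileges.

    osmod is a hypothetical hook so the ordering can be tested without root.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        sock.bind((host, port))   # port < 1024 needs root or CAP_NET_BIND_SERVICE
        sock.listen()
        drop_privileges(username, osmod)
    except BaseException:
        sock.close()              # never keep serving if the drop failed
        raise
    return sock


async def handle(reader, writer):
    # Placeholder handler: runs as the unprivileged user.
    writer.close()
    await writer.wait_closed()


async def serve(host="0.0.0.0", port=25, username="nobody"):
    sock = bind_then_drop(host, port, username)
    server = await asyncio.start_server(handle, sock=sock)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(serve())
```

If the drop fails, the socket is closed and the exception propagates, so the server never starts accepting connections as root.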