Defer creation of Unix socket until after setuid

2 files changed, 12 insertions, 0 deletions

diff --git a/changes/bug17562-defer-unix-socket-creation b/changes/bug17562-defer-unix-socket-creation
new file mode 100644
index 0000000000..f1896c044a
--- /dev/null
+++ b/changes/bug17562-defer-unix-socket-creation
@@ -0,0 +1,4 @@
+  o Minor bug fixes:
+    - Defer creation of Unix sockets until after setuid. This avoids needing
+      CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
+      chown and fowner when using SELinux.
diff --git a/src/or/connection.c b/src/or/connection.c
index 7b8cc6ba39..575bbf119b 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -2386,6 +2386,14 @@ retry_listener_ports(smartlist_t *old_conns,
     if (port->server_cfg.no_listen)
       continue;
 
+#ifndef _WIN32
+    /* We don't need to be root to create a UNIX socket, so defer until after
+     * setuid. */
+    const or_options_t *options = get_options();
+    if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
+      continue;
+#endif
+
     if (port->is_unix_addr) {
       listensockaddr = (struct sockaddr *)
         create_unix_sockaddr(port->unix_addr,