This resolves a local privilege escalation (LPE). Prior to this change,
a non-admin user could utilize serve to access local Unix sockets they
otherwise should not be able to access. For example,
tailscale serve --http 80 unix:/var/run/docker.sock
would give the user access to the Docker socket (usually root only).
This works because tailscaled has root access and implements the proxy
to the socket (see also: 'the confused deputy problem').
We resolve the problem by refusing to serve Unix targets altogether
unless instructed to by a root user.
Thanks to Tim Sageser (dtrsecurity) for this report.
Fixestailscale/corp#41998
Signed-off-by: Harry Harpham <harry@tailscale.com>
fa542426e5