Mirror of https://github.com/tailscale/tailscale.git (synced 2026-06-14 21:06:44 +08:00)
This resolves a local privilege escalation (LPE). Prior to this change, a non-admin user could utilize serve to access local Unix sockets they otherwise should not be able to access. For example, `tailscale serve --http 80 unix:/var/run/docker.sock` would give the user access to the Docker socket (usually root only). This works because tailscaled has root access and implements the proxy to the socket (see also: 'the confused deputy problem').

We resolve the problem by refusing to serve Unix targets altogether unless instructed to by a root user.

Thanks to Tim Sageser (dtrsecurity) for this report.

Fixes tailscale/corp#41998

Signed-off-by: Harry Harpham <harry@tailscale.com>

| | | |
|---|---|---|
| cert.go | ||
| debug.go | ||
| debugderp.go | ||
| disabled_stubs.go | ||
| localapi_drive.go | ||
| localapi_test.go | ||
| localapi.go | ||
| pprof.go | ||
| serve.go | ||
| syspolicy_api.go | ||
| tailnetlock.go | ||