Bug 249151 - security/stunnel: cannot create pid file when setuid set
Summary: security/stunnel: cannot create pid file when setuid set
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Ryan Steinmetz
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-06 16:40 UTC by Matthew Horan
Modified: 2021-05-12 05:49 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (zi)


Attachments
patch for security/stunnel (2.80 KB, patch)
2021-02-10 04:07 UTC, Tatsuki Makino
tatsuki_makino: maintainer-approval?
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Horan 2020-09-06 16:40:44 UTC
By default the port will run as root and is therefore able to write a pid file in /var/run. However, when setting setuid in the config file as recommended, this is not possible. It seems the pid file is not written by stunnel before dropping privileges. I'm not sure what the best fix for this would be, but it'd be great if I could run stunnel as non-root.
Comment 1 Tatsuki Makino 2021-02-10 04:07:25 UTC
Created attachment 222319 [details]
patch for security/stunnel

Define the default PID file and make substitutions.
Create a one-level directory where PID files can be written.
Comment 2 Tatsuki Makino 2021-05-12 05:49:57 UTC
Not that it matters, but the following command will give you the port of the stunnel that root started.

sockstat -l | grep \^root\ \*stunnel