BUG/MEDIUM: tcp: don't require privileges to bind to device

Ankit Malp reported a bug that we've had since binding to devices was
implemented. Haproxy wrongly checks that the process stays privileged
after startup when a binding to a device is specified via the bind
keyword "interface". This is wrong, because after startup we're not
binding any socket anymore, and during startup if there's a permission
issue it will be immediately reported ("permission denied"). More
importantly there's no way around it as the process exits on startup
when facing such an option.

This fix should be backported to 1.7, 1.6 and 1.5.

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index b664831baa6ce49de39c5fe3666c32fadb77bcd4..5e12b9990ef5ad720c5c80fee963e21fc4688a42 100644 (file)
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1698,7 +1698,6 @@ static int bind_parse_interface(char **args, int cur_arg, struct proxy *px, stru
                        l->interface = strdup(args[cur_arg + 1]);
        }
 
-       global.last_checks |= LSTCHK_NETADM;
        return 0;
 }
 #endif