From: Willy Tarreau Date: Mon, 27 Mar 2017 14:22:59 +0000 (+0200) Subject: BUG/MEDIUM: tcp: don't require privileges to bind to device X-Git-Tag: v1.8-dev1~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=19060a302033b70fbe29eb825617b03ea5e9e71d;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: tcp: don't require privileges to bind to device Ankit Malp reported a bug that we've had since binding to devices was implemented. Haproxy wrongly checks that the process stays privileged after startup when a binding to a device is specified via the bind keyword "interface". This is wrong, because after startup we're not binding any socket anymore, and during startup if there's a permission issue it will be immediately reported ("permission denied"). More importantly there's no way around it as the process exits on startup when facing such an option. This fix should be backported to 1.7, 1.6 and 1.5. --- diff --git a/src/proto_tcp.c b/src/proto_tcp.c index b664831baa..5e12b9990e 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -1698,7 +1698,6 @@ static int bind_parse_interface(char **args, int cur_arg, struct proxy *px, stru l->interface = strdup(args[cur_arg + 1]); } - global.last_checks |= LSTCHK_NETADM; return 0; } #endif
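Review bot: the bind-time error becomes the only place where a missing privilege for "interface" is reported, because the `global.last_checks |= LSTCHK_NETADM;` line at the end of bind_parse_interface() goes away. Please confirm that the "permission denied" message cited in the commit message names both the listener and the interface, so an operator can tell which bind line failed. A short comment at this spot saying that the privilege is only needed while sockets are being bound at startup would help keep the check from being reintroduced later. Separately, in the unchanged context, `l->interface = strdup(args[cur_arg + 1]);` is followed only by the closing brace and `return 0;`, so an allocation failure would leave l->interface NULL while the parser reports success. If a NULL interface is treated elsewhere as "no device restriction", the listener would come up less restricted than configured, so a NULL check with an error return is worth a follow-up patch.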