From b3e975824ea9ebae8dbea5b451c8d02525c83ffe Mon Sep 17 00:00:00 2001
From: James Yonan
Date: Thu, 3 Mar 2016 01:19:06 -0700
Subject: [PATCH] Bind to local socket before dropping privileges
Bind the local TCP/UDP socket before UID/GID downgrade, otherwise we cannot bind to ports < 1024.
Signed-off-by: James Yonan
Acked-by: David Sommerseth
Message-Id: 1456993146-63968-10-git-send-email-james@openvpn.net
URL: http://www.mail-archive.com/search?l=mid&q=1456993146-63968-10-git-send-email-james@openvpn.net
Signed-off-by: David Sommerseth
---
 src/openvpn/init.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 87a0e32b2..ad4ebc33d 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3696,6 +3696,10 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
 open_plugins (c, false, OPENVPN_PLUGIN_INIT_POST_DAEMON);
 #endif
+ /* finalize the TCP/UDP socket */
+ if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
+ do_init_socket_2 (c);
+
 /*
 * Actually do UID/GID downgrade, and chroot, if requested.
 * May be delayed by --client, --pull, or --up-delay.
@@ -3705,10 +3709,6 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
 /* initialise connect timeout timer */
 do_init_server_poll_timeout(c);
- /* finalize the TCP/UDP socket */
- if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
- do_init_socket_2 (c);
-
 /* initialize timers */
 if (c->mode == CM_P2P || child)
 do_init_timers (c, false);
--
2.47.2
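Review bot: The block added above the UID/GID downgrade comment moves the whole of `do_init_socket_2 (c)` ahead of the privilege drop and chroot, not just the bind. Its body is outside this hunk, so any other work it does, possibly address resolution or an outgoing connect, would now run with the process's starting privileges and should be checked. The added comment should record the ordering constraint so a later refactor does not move it back or widen it, for example `/* finalize the TCP/UDP socket; must precede the UID/GID downgrade so ports < 1024 can be bound */`. The call also now runs before `do_init_server_poll_timeout(c)`, which the second hunk leaves after the downgrade; if socket setup consults the connect timeout, that timer needs to be initialised first. init_instance begins and ends outside the hunk.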