mosquitto

privileges are dropped prematurely when running as daemon under root

Bug #1387146 reported by Martin Planer
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
mosquitto
New
Undecided
Unassigned

Bug Description

When mosquitto is started as root (e.g. using an init.d script) and the private keys needed for SSL/TLS are only readable by the root user (as is common best practice), mosquitto is unable to read the required key files as the privileges are dropped before the initialization of the corresponding listeners.

As I really don't want to make my private keys readable by any other user than root, the dropping of privileges should be postponed to a point after the initialization of the listeners.

Tested version: 1.4 branch (Mercurial repository, commit 2d4f5c4abf05)
OS: Debian 6 (with private key files in /etc/ssl/private with owner root:root and 600 permissions)

I have tried to fix this problem by simply moving the respective lines of code further down in mosquitto.c::main (see attached diff), but I do not have a full understanding of the complete mosquitto codebase to gauge if this will cause any other side effects or problems.

Revision history for this message
Martin Planer (mplaner) wrote :
Revision history for this message
Roger Light (roger.light) wrote :

Hi there,

I'm migrating bugs to Eclipse, the new url for this bug is:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=452914

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.