ipn/ipnserver: grant client r/w access if peer uid matches tailscaled

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-02 11:59:48 -08:00 · 2021-03-02 11:59:48 -08:00 · 15b6969a95
parent 63ed4dd6c9
commit 15b6969a95
1 changed files with 5 additions and 0 deletions
--- a/ipn/ipnserver/server.go
+++ b/ipn/ipnserver/server.go
@ -19,6 +19,7 @@ import (
 	"os/signal"
 	"os/user"
 	"runtime"
+	"strconv"
 	"strings"
 	"sync"
 	"sync/atomic"
@ -336,6 +337,10 @@ func isReadonlyConn(c net.Conn, logf logger.Logf) bool {
 		logf("connection from userid %v; root has access", uid)
 		return rw
 	}
+	if selfUID := os.Getuid(); selfUID != 0 && uid == strconv.Itoa(selfUID) {
+		logf("connection from userid %v; connection from non-root user matching daemon has access", uid)
+		return rw
+	}
 	var adminGroupID string
 	switch runtime.GOOS {
 	case "darwin":