mirror of
https://github.com/tailscale/tailscale.git
synced 2026-06-24 07:52:47 -04:00
fa542426e5
This resolves a local privilege escalation (LPE). Prior to this change, a non-admin user could utilize serve to access local Unix sockets they otherwise should not be able to access. For example, tailscale serve --http 80 unix:/var/run/docker.sock would give the user access to the Docker socket (usually root only). This works because tailscaled has root access and implements the proxy to the socket (see also: 'the confused deputy problem'). We resolve the problem by refusing to serve Unix targets altogether unless instructed to by a root user. Thanks to Tim Sageser (dtrsecurity) for this report. Fixes tailscale/corp#41998 Signed-off-by: Harry Harpham <harry@tailscale.com>