View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006325 | unreal | ircd | public | 2023-08-09 21:21 | 2023-09-09 09:49 |
Reporter | BlackBishop | Assigned To | syzop | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Fixed in Version | 6.1.2-rc2 | ||||
Summary | 0006325: listen::file converts /tmp/xxx to data/tmp/xxx | ||||
Description | unrealircd.conf listen block:

```
listen {
    file /tmp/unrealircd.websocket;
    mode 0770;
    options {
        tls;
        websocket { type text; };
    }
    tls-options {
        certificate "tls/websocketfullchain.pem";
        key "tls/websocketprivkey.pem";
        options { no-client-certificate; };
    };
};
```

```
➜ unrealircd ./unrealircd configtest
 _   _                      _ ___________  _____     _
| | | |                    | |_   _| ___ \/  __ \   | |
| | | |_ __  _ __ ___  __ _| | | | | |_/ /| /  \/ __| |
| | | | '_ \| '__/ _ \/ _` | | | | |    / | |    / _` |
| |_| | | | | | |  __/ (_| | |_| |_| |\ \ | \__/\ (_| |
 \___/|_| |_|_|  \___|\__,_|_|\___/\_| \_| \____/\__,_|
                           v6.1.1.1

UnrealIRCd is brought to you by Bram Matthys (Syzop), Krzysztof Beresztant (k4be), Gottem and i

Using the following libraries:
* OpenSSL 3.0.8 7 Feb 2023
* libsodium 1.0.18
* c-ares 1.19.1
* PCRE2 10.42 2022-12-11
* jansson 2.14

This server can handle 16384 concurrent sockets (16376 clients + 8 reserve)

[info] Loading IRCd configuration..
[info] Testing IRCd configuration..
[info] Configuration loaded
[info] Configuration test passed OK
```

The error does show in IRC when rehashing

```
22:11:00 -- | irc.d3x.ro: config.CONFIG_INFO_GENERIC [info] Testing IRCd configuration..
22:11:00 -- | irc.d3x.ro: config.CONFIG_LOADED [info] Configuration loaded
22:11:00 -- | irc.d3x.ro: listen.LISTEN_BIND_ERROR [fatal] Could not listen on UNIX domain socket /home/ircd/unrealircd/data/tmp/unrealircd.websocket: No such file or directory
```

2 more things here:

1 - I expect /tmp to be /tmp not the datadir/tmp ... having it in the homedir there means I have to make sure the nginx user for example has access to all the dirs to get to that socket file too which I don't want to do...

2 - modes only 0700/0770/0770 ? why not 0755 too ?

Steps To Reproduce | Use this as config

```
listen {
    file /tmp/unrealircd.websocket;
    mode 0770;
    options {
        tls;
        websocket { type text; };
    }
    tls-options {
        certificate "tls/websocketfullchain.pem";
        key "tls/websocketprivkey.pem";
        options { no-client-certificate; };
    };
};
```
Tags | No tags attached. | ||||
3rd party modules | |||||
|
./unrealircd configtest does test almost everything but it does not run listeners indeed. That's because you would otherwise get "in use" errors. I think that is common practice too for a config test, like apachectl configtest.

Now for the real issue, or at least in my view....

This does not work:

```
file /tmp/unrealircd.websocket;
```

This does work:

```
file "/tmp/unrealircd.websocket";
```

That's weird, and I will look into this, only // should be special as it means a comment, not / which is just a regular slash :)
|
Can confirm the quotes make the socket in the right place. |
|
And after a little bit of fiddling with nginx and adding it to the right group and overriding privatetmp (gotta love systemd) and restarting nginx... all worked...

```
$ cat /etc/systemd/system/nginx.service.d/local.conf
[Service]
PrivateTmp=false
```

Still, would be nice to directly set the group to ircd for example.

Another sysadmin solution that pops in my mind now is ACLs for the file `setfacl`
|
Fixed now (after rc1). Thanks for the report :)

https://github.com/unrealircd/unrealircd/commit/942b8a604df8b074db4d6d32dba133bc8e05cc15

```
commit 942b8a604df8b074db4d6d32dba133bc8e05cc15 (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD)
Author: Bram Matthys <[email protected]>
Date:   Sat Sep 9 09:41:47 2023 +0200

    Config file: when not using quotes, don't silently drop slashes in names/values.

    In the config file, when not using quotes, a slash at the beginning of a variable name or value was silently discarded (eg `file /tmp/xyz;` resulted in a file `tmp/xyz`).

    Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6325
```
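
Added example, not part of the original thread and not UnrealIRCd's parser code: a constructed tokenizer sketch showing how a comment check on `/` can swallow the leading slash of an unquoted value, and how the resulting relative name then lands under the data directory as in the reported log line. The function names `read_value` and `resolve` and the `keep_slash` switch are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sketch: read one unquoted value, stopping at ';' or whitespace.
 * keep_slash=0 models the reported behaviour (a lone leading '/' is consumed
 * by the comment check and lost); keep_slash=1 models the fixed behaviour. */
static void read_value(const char *p, int keep_slash, char *out, size_t n)
{
    size_t len = 0;
    for (;;) {
        if (isspace((unsigned char)*p)) { p++; continue; }
        if (p[0] == '/' && p[1] == '/') {          /* "//" starts a comment */
            while (*p && *p != '\n') p++;
            continue;
        }
        if (p[0] == '/' && !keep_slash) { p++; continue; } /* slash dropped */
        break;                                     /* first token character */
    }
    while (*p && *p != ';' && !isspace((unsigned char)*p) && len + 1 < n)
        out[len++] = *p++;
    out[len] = '\0';
}

/* Relative values end up under the data directory, as in the issue's log. */
static void resolve(const char *datadir, const char *value, char *out, size_t n)
{
    if (value[0] == '/')
        snprintf(out, n, "%s", value);
    else
        snprintf(out, n, "%s/%s", datadir, value);
}

int main(void)
{
    const char *src = " /tmp/unrealircd.websocket;";    /* text after "file" */
    const char *datadir = "/home/ircd/unrealircd/data"; /* from the log line */
    char value[128], path[256];
    for (int fixed = 0; fixed <= 1; fixed++) {
        read_value(src, fixed, value, sizeof value);
        resolve(datadir, value, path, sizeof path);
        printf("%s: value=%s -> socket path %s\n",
               fixed ? "fixed " : "before", value, path);
    }
    return 0;
}
```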
|
Oh and as for tweaking access, you can also prepare a directory with the correct permissions and then put the socket in there. We also do that in this guide: https://www.unrealircd.org/docs/Running_Tor_Onion_service_with_UnrealIRCd |
Date Modified | Username | Field | Change |
---|---|---|---|
2023-08-09 21:21 | BlackBishop | New Issue | |
2023-08-15 09:08 | syzop | Note Added: 0022988 | |
2023-08-15 09:09 | syzop | Summary | configtest doesn't yell fatalerror for listen::file => listen::file converts /tmp/xxx to data/tmp/xxx |
2023-08-15 09:14 | syzop | Assigned To | => syzop |
2023-08-15 09:14 | syzop | Status | new => confirmed |
2023-08-15 10:30 | BlackBishop | Note Added: 0022996 | |
2023-08-15 10:43 | BlackBishop | Note Added: 0022997 | |
2023-09-09 09:46 | syzop | Status | confirmed => resolved |
2023-09-09 09:46 | syzop | Resolution | open => fixed |
2023-09-09 09:46 | syzop | Fixed in Version | => 6.1.2-rc2 |
2023-09-09 09:46 | syzop | Note Added: 0023016 | |
2023-09-09 09:49 | syzop | Note Added: 0023017 |