From 15b6969a951b350929bc8b2438e5b6f7daf8b730 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Tue, 2 Mar 2021 11:59:48 -0800
Subject: [PATCH] ipn/ipnserver: grant client r/w access if peer uid matches tailscaled
Signed-off-by: Brad Fitzpatrick
---
 ipn/ipnserver/server.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ipn/ipnserver/server.go b/ipn/ipnserver/server.go
index 15bbba694..ae053f88f 100644
--- a/ipn/ipnserver/server.go
+++ b/ipn/ipnserver/server.go
@@ -19,6 +19,7 @@ import (
 "os/signal"
 "os/user"
 "runtime"
+ "strconv"
 "strings"
 "sync"
 "sync/atomic"
@@ -336,6 +337,10 @@ func isReadonlyConn(c net.Conn, logf logger.Logf) bool {
 logf("connection from userid %v; root has access", uid)
 return rw
 }
+ if selfUID := os.Getuid(); selfUID != 0 && uid == strconv.Itoa(selfUID) {
+ logf("connection from userid %v; connection from non-root user matching daemon has access", uid)
+ return rw
+ }
 var adminGroupID string
 switch runtime.GOOS {
 case "darwin":
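Review bot: The added branch in isReadonlyConn compares the peer uid with `os.Getuid()`, which is the daemon's real uid, not the uid it is acting under. If the two ever differ (a setuid install or a privilege change after start), `selfUID != 0` could hold while the process runs with root's effective uid, and the invoking user would get r/w access. Using the effective uid closes that gap: `if selfUID := os.Geteuid(); selfUID != 0 && uid == strconv.Itoa(selfUID) {`. A short comment above the branch stating the trust assumption would also help, for example `// A non-root daemon treats a peer with its own uid as equally privileged.` The function starts and ends outside this hunk, so how `uid` is obtained from the connection is not visible here and should be checked against the same assumption.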