pkg/httputil: allow local connections from root

Context: https://groups.google.com/d/msg/camlistore/RtpjveY4FVM/P5xldD88CQAJ Change-Id: Ibc4a1052d94129a40a390390f91d90e6d3236ccd
2015-10-15 15:34:35 +02:00 · 2015-10-15 15:34:35 +02:00 · e52149992a
parent 2ee493d48b
commit e52149992a
1 changed files with 7 additions and 1 deletions
--- a/pkg/httputil/auth.go
+++ b/pkg/httputil/auth.go
@ -63,7 +63,13 @@ func IsLocalhost(req *http.Request) bool {
 	if uid > 0 {
 		connUid, err := netutil.AddrPairUserid(from, to)
 		if err == nil {
-			if uid == connUid {
+			if uid == connUid || connUid == 0 {
+				// If it's the same user who's running the server, allow it.
+				// Also allow root, so users can "sudo camput" files.
+				// Allowing root isn't a security problem because if root wants
+				// to mess with the local user, they already can. This whole mechanism
+				// is about protecting regular users from other regular users
+				// on shared computers.
 				return true
 			}
 			log.Printf("auth: local connection uid %d doesn't match server uid %d", connUid, uid)