safesocket, ipn/ipnserver: look up peer creds on Darwin

And open up socket permissions like Linux, now that we know who connections are from. This uses the new inet.af/peercred that supports Linux and Darwin at the moment. Fixes #1347 Fixes #1348 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-12-28 08:13:11 +00:00 · 2021-02-15 20:50:20 -08:00
parent 65815cc1ac
commit d3efe8caf6
7 changed files with 24 additions and 79 deletions
--- a/go.mod
+++ b/go.mod
@@ -32,7 +32,7 @@ require (
 	golang.org/x/net v0.0.0-20201224014010-6772e930b67b
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
-	golang.org/x/sys v0.0.0-20210105210732-16f7687f5001
+	golang.org/x/sys v0.0.0-20210216224549-f992740a1bac
 	golang.org/x/term v0.0.0-20201207232118-ee85cb95a76b
 	golang.org/x/time v0.0.0-20191024005414-555d28b269f0
 	golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58
@@ -40,5 +40,6 @@ require (
 	gvisor.dev/gvisor v0.0.0-20210111185822-3ff3110fcdd6
 	honnef.co/go/tools v0.1.0
 	inet.af/netaddr v0.0.0-20210105212526-648fbc18a69d
+	inet.af/peercred v0.0.0-20210216231719-993aa01eacaa
 	rsc.io/goversion v1.2.0
 )