tincctl patches

Scott Lamb slamb at slamb.org
Sat Nov 10 03:22:29 CET 2007


Guus Sliepen wrote:
> AIX? I didn't know tinc ran on that :)

I didn't either, but I'd like to head off any surprises if tinc is 
ported to similar platforms in the future.

> Anyway, just go with the secured
> directory approach. The handshake is an option. Binding to < 1024 ports
> is not, because then you lose the ability to run tinc as a normal user.

Ahh, I hadn't realized that it could - I suppose by chmod/chowning 
/dev/net/tun and running on a different port. Not a bad idea, really.

My change broke this - it requires the control socket to be accessible 
only by root. Both tincd and tincctl will refuse to run now if tincd is 
not root.

tincd could be easily changed to allow st_uid == getuid() as well as 0.

tincctl's behavior is a matter of security policy, and I don't know what 
you want:

* require tincctl's getuid() to match tincd's getuid(). (not great 
really...)

* remove the stat() checks entirely and place the burden on the 
sysadmin. (fine with me)

* add a new commandline/configuration option

* let tincd start as root (keeping tincctl unmodified) and drop 
privileges to a user/group specified in the configuration file

Personally, I leave my socket in /var/run/tinc.slamb.org.control/socket, 
and if there's someone messing with the permissions there, I have bigger 
problems.
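
The following C example is added here for illustration; it is not part of the original message and is not tinc's code. It shows the relaxed owner check mentioned above (st_uid is 0 or matches the caller's uid) applied to the directory that holds the control socket. The function name control_dir_trusted and the rule that group and other must have no access are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not tinc's code): decide whether the directory
 * holding the control socket can be trusted by a process running as
 * `self`. Returns 1 if trusted, 0 if not, -1 if it cannot be examined. */
int control_dir_trusted(const char *dir, uid_t self)
{
    struct stat st;

    /* lstat() so that a symlink standing in for the directory is
     * rejected instead of followed. */
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return 0;

    /* Owner policy from the message: root, or the caller's own uid. */
    if (st.st_uid != 0 && st.st_uid != self)
        return 0;

    /* Assumed mode policy: no access at all for group or other, so only
     * the owner can create, replace or reach the socket inside. */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return 0;

    return 1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <control-dir>\n", argv[0]);
        return 2;
    }
    int r = control_dir_trusted(argv[1], getuid());
    puts(r == 1 ? "trusted" : r == 0 ? "untrusted" : "cannot stat");
    return r == 1 ? 0 : 1;
}
```

Because the check looks at the directory and not at the socket, it does not depend on whether the platform enforces permissions on Unix socket files themselves.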

