for servers that handle incoming network connections and authentication,
change the owner of the network connection file to the authenticated user
after successfull authentication.
note that we set the permissions as well to 0660 because old devip used
to unconditionally set the bits.
tlsServer() closes the passed in fd, in our case fd=1 leaving it
with no std output which got occupied by pipe() filedescriptor
which it then closed after duping... a classic.
delete all this mess. theres no reason to fork() and copy traffic
on a pipe at all as tlsServer() gives us a perfectly valid filedescriptor.
just dup() and exec() and we'r done.
- TLSconn structure on stack but not initialized (zeroed)
- original filedescriptor double closed in error case
- original filedescriptor leaked in success case
- leaked TLSconn.sessionID and TLSconn.cert
- clarify in pushtls(2) and pushssl(2)