diff --git a/CHANGES b/CHANGES index 4e9b01e297..f7eb5b2266 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2629. [port] Check for seteuid()/setegid(), use setresuid()/ + setresgid() if not present. [RT #19932] + 2628. [port] linux: Allow /var/run/named/named.pid to be opened at startup with reduced capabilities in operation. [RT #19884] diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index dcdfbcc9a4..43bddf927d 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.96 2009/07/14 05:15:00 marka Exp $ */ +/* $Id: os.c,v 1.97 2009/07/14 22:38:38 each Exp $ */ /*! \file */ @@ -718,6 +718,34 @@ mkdirpath(char *filename, void (*report)(const char *, ...)) { return (-1); } +static void +setperms(uid_t uid, gid_t gid, void (*report)(const char *, ...)) { + char strbuf[ISC_STRERRORSIZE]; +#if defined(HAVE_SETEGID) + if (setegid(gid) == -1) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + (*report)("unable to set effective gid: %s", strbuf); + } +#elif defined(HAVE_SETRESGID) + if (setresgid(-1, gid, -1) == -1) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + (*report)("unable to set effective gid: %s", strbuf); + } +#endif + +#if defined(HAVE_SETEUID) + if (seteuid(uid) == -1) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + (*report)("unable to set effective uid: %s", strbuf); + } +#elif defined(HAVE_SETRESUID) + if (setresuid(-1, uid, -1) == -1) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + (*report)("unable to set effective uid: %s", strbuf); + } +#endif +} + void ns_os_writepidfile(const char *filename, isc_boolean_t first_time) { int fd; @@ -763,29 +791,10 @@ ns_os_writepidfile(const char *filename, isc_boolean_t first_time) { * Open the file using the uid/gid pair we will eventually * be running as. */ - if (setegid(runas_pw->pw_gid) == -1) { - isc__strerror(errno, strbuf, sizeof(strbuf)); - (*report)("unable to set effective gid: %s", strbuf); - /* NOTREACHED */ - } - if (seteuid(runas_pw->pw_uid) == -1) { - isc__strerror(errno, strbuf, sizeof(strbuf)); - (*report)("unable to set effective uid: %s", strbuf); - /* NOTREACHED */ - } + setperms(runas_pw->pw_uid, runas_pw->pw_gid, report); fd = safe_open(filename, ISC_FALSE); - if (seteuid(0) == -1) { - isc__strerror(errno, strbuf, sizeof(strbuf)); - (*report)("unable to restore effective uid: %s", - strbuf); - /* NOTREACHED */ - } - if (setegid(0) == -1) { - isc__strerror(errno, strbuf, sizeof(strbuf)); - (*report)("unable to restore effective gid: %s", - strbuf); - /* NOTREACHED */ - } + setperms(0, 0, report); + if (fd == -1) { /* * Backwards compatibility. diff --git a/config.h.in b/config.h.in index f789b549e6..99595db675 100644 --- a/config.h.in +++ b/config.h.in @@ -16,7 +16,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h.in,v 1.115 2009/06/10 02:23:42 marka Exp $ */ +/* $Id: config.h.in,v 1.117 2009/08/13 01:51:19 marka Exp $ */ /*! \file */ @@ -220,9 +220,21 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the header file. */ #undef HAVE_REGEX_H +/* Define to 1 if you have the `setegid' function. */ +#undef HAVE_SETEGID + +/* Define to 1 if you have the `seteuid' function. */ +#undef HAVE_SETEUID + /* Define to 1 if you have the `setlocale' function. */ #undef HAVE_SETLOCALE +/* Define to 1 if you have the `setresgid' function. */ +#undef HAVE_SETRESGID + +/* Define to 1 if you have the `setresuid' function. */ +#undef HAVE_SETRESUID + /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H diff --git a/configure b/configure index 6a90e79807..7e0b0d5e57 100755 --- a/configure +++ b/configure @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. # -# $Id: configure,v 1.457 2009/06/30 02:53:46 each Exp $ +# $Id: configure,v 1.458 2009/07/14 22:39:30 each Exp $ # # Portions Copyright (C) 1996-2001 Nominum, Inc. # @@ -29,7 +29,7 @@ # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# From configure.in Revision: 1.471 . +# From configure.in Revision: 1.472 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # @@ -20920,6 +20920,200 @@ _ACEOF fi +# +# Older versions of HP/UX don't define seteuid() and setegid() +# + + +for ac_func in seteuid setresuid +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } +if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. + For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$ac_func || defined __stub___$ac_func +choke me +#endif + +int +main () +{ +return $ac_func (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_var=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +ac_res=`eval echo '${'$as_ac_var'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + +for ac_func in setegid setresgid +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } +if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. + For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$ac_func || defined __stub___$ac_func +choke me +#endif + +int +main () +{ +return $ac_func (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_var=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +ac_res=`eval echo '${'$as_ac_var'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + # # UnixWare 7.1.1 with the feature supplement to the UDK compiler # is reported to not support "static inline" (RT #1212). diff --git a/configure.in b/configure.in index e9eeacf9ac..83939cdb11 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.471 $) +AC_REVISION($Revision: 1.472 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.59) @@ -282,6 +282,12 @@ AC_C_INLINE AC_C_VOLATILE AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME)) +# +# Older versions of HP/UX don't define seteuid() and setegid() +# +AC_CHECK_FUNCS(seteuid setresuid) +AC_CHECK_FUNCS(setegid setresgid) + # # UnixWare 7.1.1 with the feature supplement to the UDK compiler # is reported to not support "static inline" (RT #1212).