upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- fix bug #444: setusercontext was called too late (thanks Bjorn

Browse source 
Ketelaars).



git-svn-id: file:///svn/unbound/trunk@2657 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2012-04-05 09:30:04 +00:00
parent a0db316445
commit 279f409636
2 changed files with 17 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
daemon/unbound.c
View file

@ -502,6 +502,21 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
(void)daemon;
#endif
/* Set user context */
#ifdef HAVE_GETPWNAM
if(cfg->username && cfg->username[0]) {
#ifdef HAVE_SETUSERCONTEXT
/* setusercontext does initgroups, setuid, setgid, and
* also resource limits from login config, but we
* still call setresuid, setresgid to be sure to set all uid*/
if(setusercontext(NULL, pwd, uid,
LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
log_warn("unable to setusercontext %s: %s",
cfg->username, strerror(errno));
#endif /* HAVE_SETUSERCONTEXT */
}
#endif /* HAVE_GETPWNAM */
/* box into the chroot */
#ifdef HAVE_CHROOT
if(cfg->chrootdir && cfg->chrootdir[0]) {
@ -554,20 +569,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
/* drop permissions after chroot, getpwnam, pidfile, syslog done*/
#ifdef HAVE_GETPWNAM
if(cfg->username && cfg->username[0]) {
#ifdef HAVE_SETUSERCONTEXT
/* setusercontext does initgroups, setuid, setgid, and
* also resource limits from login config, but we
* still call setresuid, setresgid to be sure to set all uid*/
if(setusercontext(NULL, pwd, uid, LOGIN_SETALL) != 0)
log_warn("unable to setusercontext %s: %s",
cfg->username, strerror(errno));
#else /* !HAVE_SETUSERCONTEXT */
# ifdef HAVE_INITGROUPS
if(initgroups(cfg->username, gid) != 0)
log_warn("unable to initgroups %s: %s",
cfg->username, strerror(errno));
# endif /* HAVE_INITGROUPS */
#endif /* HAVE_SETUSERCONTEXT */
endpwent();
#ifdef HAVE_SETRESGID

2
doc/Changelog
View file

@ -1,5 +1,7 @@
5 April 2012: Wouter
- fix bug #443: --with-chroot-dir not honoured by configure.
- fix bug #444: setusercontext was called too late (thanks Bjorn
Ketelaars).
27 March 2012: Wouter
- fix bug #442: Fix that Makefile depends on pythonmod headers