Drop privileges more.

git-svn-id: file:///svn/unbound/trunk@1209 be551aaa-1e26-0410-a405-d3ace91eadb9

config.h.in

@@ -136,6 +136,18 @@
 /* Define to 1 if you have the `sendmsg' function. */
 #undef HAVE_SENDMSG
 
+/* Define to 1 if you have the `setregid' function. */
+#undef HAVE_SETREGID
+
+/* Define to 1 if you have the `setresgid' function. */
+#undef HAVE_SETRESGID
+
+/* Define to 1 if you have the `setresuid' function. */
+#undef HAVE_SETRESUID
+
+/* Define to 1 if you have the `setreuid' function. */
+#undef HAVE_SETREUID
+
 /* Define to 1 if you have the `setsid' function. */
 #undef HAVE_SETSID
 

configure

@@ -24000,13 +24000,11 @@ _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
-#include <sys/types.h> /* for off_t */
+#include <stdio.h>
-     #include <stdio.h>
 int
 main ()
 {
-int (*fp) (FILE *, off_t, int) = fseeko;
+return fseeko (stdin, 0, 0) && (fseeko) (stdin, 0, 0);
-     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
   ;
   return 0;
 }
@@ -24046,13 +24044,11 @@ cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 #define _LARGEFILE_SOURCE 1
-#include <sys/types.h> /* for off_t */
+#include <stdio.h>
-     #include <stdio.h>
 int
 main ()
 {
-int (*fp) (FILE *, off_t, int) = fseeko;
+return fseeko (stdin, 0, 0) && (fseeko) (stdin, 0, 0);
-     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
   ;
   return 0;
 }
@@ -24666,7 +24662,11 @@ fi
 
 
 
-for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev
+
+
+
+
+for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5

configure.ac

@@ -781,7 +781,7 @@ AC_CHECK_GETADDRINFO_WITH_INCLUDES
 if test $ac_cv_func_getaddrinfo = no; then
 AC_LIBOBJ([fake-rfc2553])
 fi
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid])
 
 # check mkdir
 AC_MSG_CHECKING([whether mkdir has one arg])

daemon/unbound.c

@@ -374,10 +374,22 @@ do_chroot(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 	}
 #ifdef HAVE_GETPWNAM
 	if(cfg->username && cfg->username[0]) {
+#ifdef HAVE_SETRESGID
+		if(setresgid(gid,gid,gid) != 0)
+#elif defined(HAVE_SETREGID)
+		if(setregid(gid,gid) != 0)
+#else /* use setgid */
 		if(setgid(gid) != 0)
+#endif /* HAVE_SETRESGID */
 			fatal_exit("unable to set group id of %s: %s", 
 				cfg->username, strerror(errno));
+#ifdef HAVE_SETRESUID
+		if(setresuid(uid,uid,uid) != 0)
+#elif defined(HAVE_SETREUID)
+		if(setreuid(uid,uid) != 0)
+#else /* use setuid */
 		if(setuid(uid) != 0)
+#endif /* HAVE_SETRESUID */
 			fatal_exit("unable to set user id of %s: %s", 
 				cfg->username, strerror(errno));
 		verbose(VERB_QUERY, "drop user privileges, run as %s", 

doc/Changelog

@@ -4,6 +4,7 @@
 	- test for DLV used for a zone below a trustanchor.
 	- added scrub filter for overreaching NSEC records and unit test.
 	- iana portlist update
+	- use of setresuid or setreuid when available.
 
 25 August 2008: Wouter
 	- realclean patch from Robert Edmonds.