diff --git a/config.h.in b/config.h.in
index f7351539a..74632c302 100644
--- a/config.h.in
+++ b/config.h.in
@@ -188,6 +188,9 @@
 /* Define to 1 if you have the `setsid' function. */
 #undef HAVE_SETSID
 
+/* Define to 1 if you have the `setusercontext' function. */
+#undef HAVE_SETUSERCONTEXT
+
 /* Define to 1 if you have the `sigprocmask' function. */
 #undef HAVE_SIGPROCMASK
 
diff --git a/configure b/configure
index 408c09cd8..b0ad08756 100755
--- a/configure
+++ b/configure
@@ -25380,7 +25380,8 @@ fi
-for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r
+
+for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r setusercontext
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5
diff --git a/configure.ac b/configure.ac
index 61cdaceb6..d359ff19b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -855,7 +855,7 @@ AC_CHECK_GETADDRINFO_WITH_INCLUDES
 if test $ac_cv_func_getaddrinfo = no; then
 AC_LIBOBJ([fake-rfc2553])
 fi
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r setusercontext])
 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
 if echo $build_os | grep darwin8 > /dev/null; then
diff --git a/daemon/unbound.c b/daemon/unbound.c
index 5fc3d6217..c526635c2 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
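Review bot: AC_CHECK_FUNCS on the changed line only tests whether `setusercontext` links against the libraries already in LIBS, and on FreeBSD the function is provided by libutil, so there the probe can fail and HAVE_SETUSERCONTEXT silently stays undefined, leaving the new daemon/unbound.c path dead. Adding `AC_SEARCH_LIBS([setusercontext], [util])` before this AC_CHECK_FUNCS line makes both the probe and the final link pick up the library. The daemon code also uses `LOGIN_SETALL`, which comes from `<login_cap.h>`; a matching `AC_CHECK_HEADERS([login_cap.h])` would let unbound.c include that header conditionally. Neither this hunk nor the rest of the diff adds either check.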
@@ -333,6 +333,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 const char** cfgfile)
 {
 #ifdef HAVE_GETPWNAM
+struct passwd *pwd = NULL;
 uid_t uid;
 gid_t gid;
 /* initialize, but not to 0 (root) */
@@ -341,12 +342,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 
 log_assert(cfg);
 if(cfg->username && cfg->username[0]) {
-struct passwd *pwd;
 if((pwd = getpwnam(cfg->username)) == NULL)
 fatal_exit("user '%s' does not exist.", cfg->username);
 uid = pwd->pw_uid;
 gid = pwd->pw_gid;
-endpwent();
+/* endpwent below, in case we need pwd for setusercontext */
 }
 #endif
 
@@ -396,11 +396,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 /* delete of pidfile could potentially work,
 * chown to get permissions */
 if(cfg->username && cfg->username[0]) {
-if(chown(daemon->pidfile, uid, gid) == -1) {
+if(chown(daemon->pidfile, uid, gid) == -1) {
 fatal_exit("cannot chown %u.%u %s: %s",
 (unsigned)uid, (unsigned)gid,
 daemon->pidfile, strerror(errno));
-}
+}
 }
 }
 }
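Review bot: Deferring endpwent and keeping `pwd` for later use (second hunk, the replaced `endpwent();` line) relies on getpwnam's static buffer staying intact, but any getpwnam/getpwuid/getgr* call made between here and the setusercontext call further down (chroot, pidfile, syslog setup, which this diff does not show) overwrites that buffer, and setusercontext would then be handed a different account's record. Either copy the fields the later call needs right after the lookup, or make the invariant explicit at the hoisted declaration, e.g. `/* points at getpwnam's static buffer: no getpw*() calls until setusercontext has used it */`. The third hunk is whitespace only. perform_setup begins and ends outside these hunks.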
@@ -460,11 +460,22 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 /* drop permissions after chroot, getpwnam, pidfile, syslog done*/
 #ifdef HAVE_GETPWNAM
 if(cfg->username && cfg->username[0]) {
-#ifdef HAVE_INITGROUPS
+#ifdef HAVE_SETUSERCONTEXT
+/* setusercontext does initgroups, setuid, setgid, and
+ * also resource limits from login config, but we
+ * still call setresuid, setresgid to be sure to set all uid*/
+if(setusercontext(NULL, pwd, uid, LOGIN_SETALL) != 0)
+fatal_exit("could not setusercontext %s: %s",
+cfg->username, strerror(errno));
+#else /* !HAVE_SETUSERCONTEXT */
+# ifdef HAVE_INITGROUPS
 if(initgroups(cfg->username, gid) != 0)
 log_warn("unable to initgroups %s: %s",
 cfg->username, strerror(errno));
-#endif
+# endif /* HAVE_INITGROUPS */
+#endif /* HAVE_SETUSERCONTEXT */
+endpwent();
+
 #ifdef HAVE_SETRESGID
 if(setresgid(gid,gid,gid) != 0)
 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
@@ -486,7 +497,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 verbose(VERB_QUERY, "drop user privileges, run as %s",
 cfg->username);
 }
-#endif
+#endif /* HAVE_GETPWNAM */
 /* file logging inited after chroot,chdir,setuid is done so that
 * it would succeed on SIGHUP as well */
 if(!cfg->use_syslog)
diff --git a/doc/Changelog b/doc/Changelog
index f411b6995..849551f0e 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+12 February 2009: Wouter
+- call setusercontext if available (on BSD).
+
 10 February 2009: Wouter
 - keys with rfc5011 REVOKE flag are skipped and not considered
 when validating data.
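Review bot: `LOGIN_SETALL` on the added setusercontext line includes LOGIN_SETUSER and LOGIN_SETGROUP (plus LOGIN_SETLOGIN, LOGIN_SETUMASK and LOGIN_SETENV on FreeBSD), so the uid/gid switch, a setlogin(2) on the daemon's session, the umask and the environment all change inside that call, before the explicit setresgid/setresuid below run; those later calls then only succeed because every id already equals the target, and the privilege drop no longer happens in one auditable place. Masking the user and group bits keeps the login.conf resource-limit and priority handling while leaving setresgid/setresuid as the single switch, and the initgroups branch should then run on every platform instead of only in the `#else` arm, as sketched below. Since setusercontext can also fail for login.conf reasons unrelated to the id switch, a log_warn like the initgroups branch may fit better than fatal_exit. Independently, no hunk in this diff adds `#include <login_cap.h>`, where `LOGIN_SETALL` and the setusercontext prototype are declared on FreeBSD, so unless that include already exists outside the diff the build fails exactly when HAVE_SETUSERCONTEXT is defined. perform_setup continues past this hunk.
```c
#ifdef HAVE_SETUSERCONTEXT
		/* login.conf limits and priority only; uid and gid are
		 * switched once, by setresgid/setresuid below */
		if(setusercontext(NULL, pwd, uid, LOGIN_SETALL
			& ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
			fatal_exit("could not setusercontext %s: %s",
				cfg->username, strerror(errno));
#endif /* HAVE_SETUSERCONTEXT */
#ifdef HAVE_INITGROUPS
		/* … unchanged: initgroups call and its log_warn … */
#endif /* HAVE_INITGROUPS */
		endpwent();
```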