set group and supplementary groups before chroot

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 80d1c7fe89c8d24d415ab02d7506c23b7dc8cd8c..82d1bbf6c79e57f3934d960cd57b42d881a9ab6f 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -347,16 +347,19 @@ void mainthread()
    if(!::arg()["chroot"].empty()) {  
      if(::arg().mustDo("master") || ::arg().mustDo("slave"))
         gethostbyname("a.root-servers.net"); // this forces all lookup libraries to be loaded
+     Utility::dropGroupPrivs(newuid, newgid);
      if(chroot(::arg()["chroot"].c_str())<0 || chdir("/")<0) {
        L<<Logger::Error<<"Unable to chroot to '"+::arg()["chroot"]+"': "<<strerror(errno)<<", exiting"<<endl; 
        exit(1);
      }   
      else
        L<<Logger::Error<<"Chrooted to '"<<::arg()["chroot"]<<"'"<<endl;      
-   }  
+   } else {
+     Utility::dropGroupPrivs(newuid, newgid);
+   }
 
   StatWebServer sws;
-  Utility::dropPrivs(newuid, newgid);
+  Utility::dropUserPrivs(newuid);
 
   if(::arg().mustDo("recursor")){
     DP=new DNSProxy(::arg()["recursor"]);

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index aae499d571297c650830f702e1545b7467485c46..773476cc93c314a91b001ec7ef327eb15e473dbd 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1830,6 +1830,8 @@ int serviceMain(int argc, char*argv[])
   if(!::arg()["setuid"].empty())
     newuid=Utility::makeUidNumeric(::arg()["setuid"]);
 
+  Utility::dropGroupPrivs(newuid, newgid);
+
   if (!::arg()["chroot"].empty()) {
     if (chroot(::arg()["chroot"].c_str())<0 || chdir("/") < 0) {
       L<<Logger::Error<<"Unable to chroot to '"+::arg()["chroot"]+"': "<<strerror (errno)<<", exiting"<<endl;
@@ -1837,7 +1839,7 @@ int serviceMain(int argc, char*argv[])
     }
   }
 
-  Utility::dropPrivs(newuid, newgid);
+  Utility::dropUserPrivs(newuid);
   g_numThreads = ::arg().asNum("threads") + ::arg().mustDo("pdns-distributes-queries");
   
   makeThreadPipes();

diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc
index 5d909b28a196759f074ed87e6aec888e212fba4f..e85e306144a8d635c263fac375540c62b516e461 100644 (file)
--- a/pdns/unix_utility.cc
+++ b/pdns/unix_utility.cc
@@ -123,8 +123,8 @@ void Utility::usleep(unsigned long usec)
 }
 
 
-// Drops the program's privileges.
-void Utility::dropPrivs( int uid, int gid )
+// Drops the program's group privileges.
+void Utility::dropGroupPrivs( int uid, int gid )
 {
   if(gid) {
     if(setgid(gid)<0) {
@@ -148,7 +148,12 @@ void Utility::dropPrivs( int uid, int gid )
       }
     }
   }
+}
+
 
+// Drops the program's user privileges.
+void Utility::dropUserPrivs( int uid )
+{
   if(uid) {
     if(setuid(uid)<0) {
       theL()<<Logger::Critical<<"Unable to set effective user id to "<<uid<<":  "<<stringerror()<<endl;

diff --git a/pdns/utility.hh b/pdns/utility.hh
index e01d4a6e3f91f012e96e13e09f5b916fb2fe2386..2e6997b497957d0aeff5346dc35934999fc8d37c 100644 (file)
--- a/pdns/utility.hh
+++ b/pdns/utility.hh
@@ -134,8 +134,11 @@ public:
   //! Sets the random seed.
   static void srandom( unsigned int seed );
 
-  //! Drops the program's privileges.
-  static void dropPrivs( int uid, int gid );
+  //! Drops the program's group privileges.
+  static void dropGroupPrivs( int uid, int gid );
+
+  //! Drops the program's user privileges.
+  static void dropUserPrivs( int uid );
   
   //! Sets the socket into blocking mode.
   static bool setBlocking( Utility::sock_t socket );