From aac59883b9bfbb411e8af6956df82639e65eb890 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 20 Apr 2016 11:05:12 +0200 Subject: [PATCH] dnsdist: Drop privileges after daemonizing and writing our pid --- pdns/dnsdist.cc | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index c301c7fa0b..92e20968ae 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -1644,18 +1644,6 @@ try } #endif - uid_t newgid=0; - gid_t newuid=0; - - if(!g_cmdLine.gid.empty()) - newgid = strToGID(g_cmdLine.gid.c_str()); - - if(!g_cmdLine.uid.empty()) - newuid = strToUID(g_cmdLine.uid.c_str()); - - dropGroupPrivs(newgid); - dropUserPrivs(newuid); - if(g_cmdLine.beDaemon) { g_console=false; daemonize(); @@ -1675,6 +1663,18 @@ try infolog("ACL allowing queries from: %s", acls.c_str()); } + uid_t newgid=0; + gid_t newuid=0; + + if(!g_cmdLine.gid.empty()) + newgid = strToGID(g_cmdLine.gid.c_str()); + + if(!g_cmdLine.uid.empty()) + newuid = strToUID(g_cmdLine.uid.c_str()); + + dropGroupPrivs(newgid); + dropUserPrivs(newuid); + /* this need to be done _after_ dropping privileges */ g_delay = new DelayPipe(); -- 2.47.2