From: Pieter Lexis Date: Mon, 20 May 2019 13:51:52 +0000 (+0200) Subject: dnsdist: Refuse to start on -u/-g misconfig X-Git-Tag: auth-4.3.0-beta2~34^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2138f20944c5a24a813a139663dccbfa06c717b;p=thirdparty%2Fpdns.git dnsdist: Refuse to start on -u/-g misconfig --- diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index 98d646d54f..cc23363642 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -37,6 +37,7 @@ #include #endif +#include "dnsdist-systemd.hh" #ifdef HAVE_SYSTEMD #include #endif @@ -2659,10 +2660,21 @@ try if(!g_cmdLine.uid.empty()) newuid = strToUID(g_cmdLine.uid.c_str()); - if (getegid() != newgid) + if (getegid() != newgid) { + if (running_in_service_mgr()) { + errlog("--gid/-g set on command-line, but dnsdist was started as a systemd service. Use the 'Group' setting in the systemd unit file to set the group to run as"); + _exit(EXIT_FAILURE); + } dropGroupPrivs(newgid); - if (geteuid() != newuid) + } + + if (geteuid() != newuid) { + if (running_in_service_mgr()) { + errlog("--uid/-u set on command-line, but dnsdist was started as a systemd service. Use the 'User' setting in the systemd unit file to set the user to run as"); + _exit(EXIT_FAILURE); + } dropUserPrivs(newuid); + } try { /* we might still have capabilities remaining, diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am index 36177aabbe..5f54b0babb 100644 --- a/pdns/dnsdistdist/Makefile.am +++ b/pdns/dnsdistdist/Makefile.am @@ -127,6 +127,7 @@ dnsdist_SOURCES = \ dnsdist-rules.hh \ dnsdist-secpoll.cc dnsdist-secpoll.hh \ dnsdist-snmp.cc dnsdist-snmp.hh \ + dnsdist-systemd.cc dnsdist-systemd.hh \ dnsdist-tcp.cc \ dnsdist-web.cc \ dnsdist-xpf.cc dnsdist-xpf.hh \ diff --git a/pdns/dnsdistdist/dnsdist-systemd.cc b/pdns/dnsdistdist/dnsdist-systemd.cc new file mode 100644 index 0000000000..6f9f8904d5 --- /dev/null +++ b/pdns/dnsdistdist/dnsdist-systemd.cc 
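Review bot: In the second dnsdist.cc hunk the refusal is reached whenever `getegid() != newgid` or `geteuid() != newuid`, yet both error messages state that `-g`/`-u` was set on the command line, and nothing in the new branches checks that. The declarations and defaults of `newgid` and `newuid` are outside the hunk; if they start as anything other than the current effective ids, a unit already running under `User=`/`Group=` with no `-u`/`-g` would exit here with a misleading message. Tying the refusal to the option makes the intent explicit, e.g. `if (!g_cmdLine.uid.empty() && running_in_service_mgr()) {` in the uid branch, with the gid branch testing the matching gid option (its name is not visible in the hunk). The enclosing function starts and ends outside the hunk.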
@@ -0,0 +1,35 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "config.h"
+#include "dnsdist-systemd.hh"
+#include
+
+bool running_in_service_mgr() {
+#ifdef HAVE_SYSTEMD
+ char *c;
+ c = getenv("NOTIFY_SOCKET"); // XXX Ideally we'd check for INVOCATION_ID (systemd.exec(5)), but that was introduced in systemd 232, and Debian Jessie has 215
+ if (c != nullptr) {
+ return true;
+ }
+#endif
+ return false;
+}
diff --git a/pdns/dnsdistdist/dnsdist-systemd.hh b/pdns/dnsdistdist/dnsdist-systemd.hh
new file mode 100644
index 0000000000..046905c239
--- /dev/null
+++ b/pdns/dnsdistdist/dnsdist-systemd.hh
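Review bot: `running_in_service_mgr()` in dnsdist-systemd.cc treats a set `NOTIFY_SOCKET` as proof of running under systemd, which is only a heuristic, and the function has no comment saying so. As far as I know, systemd exports that variable only to units with notification access enabled, and any process that inherits the variable will also match. Because the privilege-drop refusal in dnsdist.cc now depends on this result, the function should carry a short doc comment stating the limit, e.g. `// Best-effort: true when NOTIFY_SOCKET is set; units without notify access are not detected, so -u/-g are still honoured there`. The body could also be reduced to `return getenv("NOTIFY_SOCKET") != nullptr;` inside the `#ifdef`, dropping the temporary `c`.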
@@ -0,0 +1,24 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#pragma once
+
+bool running_in_service_mgr();