From: Ondřej Surý Date: Mon, 27 Apr 2020 13:58:45 +0000 (+0200) Subject: Don't change effective uid when we already dropped privileges X-Git-Tag: v9.17.2~120^2~3 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6c82e2af92c741b52585e67054a67862211875b0;p=thirdparty%2Fbind9.git Don't change effective uid when we already dropped privileges When running on Linux and system capabilities are available, named will drop the extra capabilities before loading the configuration. This led to spurious warnings from `seteuid()` because named already dropped CAP_SETUID and CAP_GETUID capabilities. The fix removes setting the effective uid/gid when capabilities are available, and adds a check that we are running under the user we were requested to run.
---
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index b99b0d3d001..c9a9441a84e 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -39,6 +39,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -414,7 +415,6 @@ named_os_chroot(const char *root) {
 void
 named_os_inituserinfo(const char *username) {
- char strbuf[ISC_STRERRORSIZE];
 if (username == NULL) {
 return;
 }
@@ -431,6 +431,7 @@ named_os_inituserinfo(const char *username) {
 }
 if (getuid() == 0) {
+ char strbuf[ISC_STRERRORSIZE];
 if (initgroups(runas_pw->pw_name, runas_pw->pw_gid) < 0) {
 strerror_r(errno, strbuf, sizeof(strbuf));
 named_main_earlyfatal("initgroups(): %s", strbuf);
@@ -696,14 +697,21 @@ named_os_openfile(const char *filename, mode_t mode, bool switch_user) {
 free(f);
 if (switch_user && runas_pw != NULL) {
+ uid_t olduid = getuid();
 gid_t oldgid = getgid();
+#if HAVE_SYS_CAPABILITY_H
+ REQUIRE(olduid == runas_pw->pw_uid);
+ REQUIRE(oldgid == runas_pw->pw_gid);
+#else /* HAVE_SYS_CAPABILITY_H */
 /* Set UID/GID to the one we'll be running with eventually */
 setperms(runas_pw->pw_uid, runas_pw->pw_gid);
-
+#endif
 fd = safe_open(filename, mode, false);
- /* Restore UID/GID to root */
- setperms(0, oldgid);
+#if !HAVE_SYS_CAPABILITY_H
+ /* Restore UID/GID to previous uid/gid */
+ setperms(olduid, oldgid);
+#endif
 if (fd == -1) {
 fd = safe_open(filename, mode, false);
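Review bot: The capability-path check compares only the real ids from `getuid()`/`getgid()` against runas_pw, while the `safe_open()` that follows is governed by the effective ids, so a lingering effective uid of 0 would pass the check and the file would still be opened as root; consider also asserting the effective ids, e.g. `REQUIRE(olduid == runas_pw->pw_uid && geteuid() == runas_pw->pw_uid);` and the same for `getegid()`. If the earlier user switch is known to set all ids with setuid()/setgid(), this is only an explicit statement of that invariant. REQUIRE aborts the process, so if it is reachable when named is started under an account other than the one requested, the mismatch surfaces as an assertion failure rather than a readable message, and a `named_main_earlyfatal()` naming both uids would be friendlier. `HAVE_SYS_CAPABILITY_H` is a build-time header test, so the restore path is compiled out whenever the header was present at build time regardless of what the running kernel supports, which is presumably consistent with how the rest of os.c selects the capability code but worth a comment on the `#if`. named_os_openfile continues outside the hunk.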