- Fix that the server does not chown the pidfile.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 27 Mar 2024 13:52:25 +0000 (14:52 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 27 Mar 2024 13:52:25 +0000 (14:52 +0100)
contrib/rc_d_unbound
contrib/unbound.init
contrib/unbound.init_fedora
contrib/unbound.init_yocto
daemon/unbound.c
doc/Changelog

index 56516147f23045ce179d2465969c5e09d1754fd3..9d98c5e059aeb06aa023ec9cb292a4a92369ecac 100755 (executable)
@@ -22,4 +22,13 @@ pidfile=${unbound_pidfile:-"/usr/local/etc/unbound/unbound.pid"}
 command_args=${unbound_flags:-"-c /usr/local/etc/unbound/unbound.conf"}
 extra_commands="reload"
 
+if test "$1" = "stop" ; then
+       run_rc_command "$1"
+       ret=$?
+       if test $ret -eq 0; then
+               rm -f "$pidfile"
+       fi
+       exit $ret
+fi
+
 run_rc_command "$1"
index c5bb52bb4d6926078df70eb99107a9f51b526474..70ab0134e82704a5fde931b4e9f33a2dce724d10 100644 (file)
@@ -75,6 +75,7 @@ stop() {
     retval=$?
     echo
     [ $retval -eq 0 ] && rm -f $lockfile
+    [ $retval -eq 0 ] && rm -f $pidfile
     if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then
        umount ${rootdir}/dev/log >/dev/null 2>&1
     fi;
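Review bot: The added `rm -f $pidfile` in stop() expands the variable unquoted, so a pidfile path containing whitespace or glob characters would be split or expanded into other arguments to `rm` in a script that normally runs as root. Quote it as `[ $retval -eq 0 ] && rm -f "$pidfile"`, which is how the rc_d_unbound hunk in this same commit already writes it. The same unquoted line is added in the two init-script hunks that follow. The neighbouring `rm -f $lockfile` has the same form, and stop() begins and ends outside this hunk.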
index 989440341989e693250cf5e501a8e74b64af4fdb..75856777fb8f1fda09b0e8f68e27a6fa9d2724ce 100644 (file)
@@ -58,6 +58,7 @@ stop() {
     killproc -p $pidfile unbound
     retval=$?
     [ $retval -eq 0 ] && rm -f $lockfile
+    [ $retval -eq 0 ] && rm -f $pidfile
     for mountfile in /dev/log /dev/urandom /etc/localtime /etc/resolv.conf /var/run/unbound
     do
     if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}''${mountfile}'' /proc/mounts; then
index 4eba752bc55c2d219059659c87366d0852ac8786..e1a8124482746a2d1a1173bbb7229f1d9dee7845 100644 (file)
@@ -75,6 +75,7 @@ stop() {
     retval=$?
     echo
     [ $retval -eq 0 ] && rm -f $lockfile
+    [ $retval -eq 0 ] && rm -f $pidfile
     if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then
        umount ${rootdir}/dev/log >/dev/null 2>&1
     fi;
index b5c7a0d20138388c654b8f46ffbd0081242d9a63..d6c371571d75ce01d3f146f1bf7c8af9a0fd5185 100644 (file)
@@ -366,9 +366,8 @@ readpid (const char* file)
 /** write pid to file. 
  * @param pidfile: file name of pid file.
  * @param pid: pid to write to file.
- * @return false on failure
  */
-static int
+static void
 writepid (const char* pidfile, pid_t pid)
 {
        int fd;
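Review bot: With the return type changed to `void` and the `@return` line dropped, the doc comment for writepid no longer says what happens on failure. The later hunks show every failure path calling log_err and returning, so the comment should say so, for example ` * Failure is logged with log_err and is not reported to the caller.` That matters to anyone reading the init scripts changed in this commit, which act on the pidfile contents: a failed write may leave an older file at that path, and nothing in the caller reacts to it. The body of writepid continues outside this hunk.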
@@ -383,7 +382,7 @@ writepid (const char* pidfile, pid_t pid)
                , 0644)) == -1) {
                log_err("cannot open pidfile %s: %s", 
                        pidfile, strerror(errno));
-               return 0;
+               return;
        }
        while(count < strlen(pidbuf)) {
                ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
@@ -393,17 +392,16 @@ writepid (const char* pidfile, pid_t pid)
                        log_err("cannot write to pidfile %s: %s",
                                pidfile, strerror(errno));
                        close(fd);
-                       return 0;
+                       return;
                } else if(r == 0) {
                        log_err("cannot write any bytes to pidfile %s: "
                                "write returns 0 bytes written", pidfile);
                        close(fd);
-                       return 0;
+                       return;
                }
                count += r;
        }
        close(fd);
-       return 1;
 }
 
 /**
@@ -545,7 +543,15 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
                                cfg, 1);
                if(!daemon->pidfile)
                        fatal_exit("pidfile alloc: out of memory");
-               checkoldpid(daemon->pidfile, pidinchroot);
+               /* Check old pid if there is no username configured.
+                * With a username, the assumption is that the privilege
+                * drop makes a pidfile not removed when the server stopped
+                * last time. The server does not chown the pidfile for it,
+                * because that creates privilege escape problems, with the
+                * pidfile writable by unprivileged users, but used by
+                * privileged users. */
+               if(cfg->username && cfg->username[0])
+                       checkoldpid(daemon->pidfile, pidinchroot);
        }
 #endif
 
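Review bot: The new condition `if(cfg->username && cfg->username[0])` runs checkoldpid only when a username is configured, but the comment directly above says the old pid is checked when no username is configured. Going by the comment's rationale (after a privilege drop a leftover pidfile is expected, so the check should be skipped), the test looks inverted, and the intended form is probably `if(!(cfg->username && cfg->username[0]))`. As written, a server that keeps its privileges never gets the already-running check, while a server that drops privileges is checked against the stale file the comment says to expect. The enclosing block of perform_setup starts and ends outside the hunk.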
@@ -557,18 +563,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
        /* write new pidfile (while still root, so can be outside chroot) */
 #ifdef HAVE_KILL
        if(cfg->pidfile && cfg->pidfile[0] && need_pidfile) {
-               if(writepid(daemon->pidfile, getpid())) {
-                       if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 &&
-                               pidinchroot) {
-#  ifdef HAVE_CHOWN
-                               if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
-                                       verbose(VERB_QUERY, "cannot chown %u.%u %s: %s",
-                                               (unsigned)cfg_uid, (unsigned)cfg_gid,
-                                               daemon->pidfile, strerror(errno));
-                               }
-#  endif /* HAVE_CHOWN */
-                       }
-               }
+               writepid(daemon->pidfile, getpid());
        }
 #else
        (void)daemon;
index 05be2e56fac661a754836feff9118685b71f84a7..64b1bcf4958c78b1a2c5400f3be22f44f03d6a39 100644 (file)
@@ -7,6 +7,7 @@
        - Fix to add unit test for lruhash space that exercises the routines.
        - Fix that when the server truncates the pidfile, it does not follow
          symbolic links.
+       - Fix that the server does not chown the pidfile.
 
 25 March 2024: Yorgos
        - Merge #831 from Pierre4012: Improve Windows NSIS installer