ISC Open Source Projects
BIND
Commits
38cd4d14
Commit
38cd4d14
authored
Jul 14, 2009
by
Evan Hunt
2629. [port] Check for seteuid()/setegid(), use setresuid()/
setresgid() if not present. [RT #19932]
parent
00f35bc7
Changes
5
CHANGES
2629. [port] Check for seteuid()/setegid(), use setresuid()/
setresgid() if not present. [RT #19932]
2628. [port] linux: Allow /var/run/named/named.pid to be opened
at startup with reduced capabilities in operation.
[RT #19884]
...
...
bin/named/unix/os.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: os.c,v 1.9
6
2009/07/14
05:15:00 marka
Exp $ */
/* $Id: os.c,v 1.9
7
2009/07/14
22:38:38 each
Exp $ */
/*! \file */
...
...
@@ -718,6 +718,34 @@ mkdirpath(char *filename, void (*report)(const char *, ...)) {
return
(
-
1
);
}
static
void
setperms
(
uid_t
uid
,
gid_t
gid
,
void
(
*
report
)(
const
char
*
,
...))
{
char
strbuf
[
ISC_STRERRORSIZE
];
#if defined(HAVE_SETEGID)
if
(
setegid
(
gid
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to set effective gid: %s"
,
strbuf
);
}
#elif defined(HAVE_SETRESGID)
if
(
setresgid
(
-
1
,
gid
,
-
1
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to set effective gid: %s"
,
strbuf
);
}
#endif
#if defined(HAVE_SETEUID)
if
(
seteuid
(
uid
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to set effective uid: %s"
,
strbuf
);
}
#elif defined(HAVE_SETRESUID)
if
(
setresuid
(
-
1
,
uid
,
-
1
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to set effective uid: %s"
,
strbuf
);
}
#endif
}
void
ns_os_writepidfile
(
const
char
*
filename
,
isc_boolean_t
first_time
)
{
int
fd
;
...
...
@@ -763,29 +791,10 @@ ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
* Open the file using the uid/gid pair we will eventually
* be running as.
*/
if
(
setegid
(
runas_pw
->
pw_gid
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to set effective gid: %s"
,
strbuf
);
/* NOTREACHED */
}
if
(
seteuid
(
runas_pw
->
pw_uid
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to set effective uid: %s"
,
strbuf
);
/* NOTREACHED */
}
setperms
(
runas_pw
->
pw_uid
,
runas_pw
->
pw_gid
,
report
);
fd
=
safe_open
(
filename
,
ISC_FALSE
);
if
(
seteuid
(
0
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to restore effective uid: %s"
,
strbuf
);
/* NOTREACHED */
}
if
(
setegid
(
0
)
==
-
1
)
{
isc__strerror
(
errno
,
strbuf
,
sizeof
(
strbuf
));
(
*
report
)(
"unable to restore effective gid: %s"
,
strbuf
);
/* NOTREACHED */
}
setperms
(
0
,
0
,
report
);
if
(
fd
==
-
1
)
{
/*
* Backwards compatibility.
...
...
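Review bot: setperms() returns void and falls through after a failed setegid()/seteuid() (or setresgid()/setresuid()) call, so if `report` is ever a non-fatal reporter the following safe_open() runs under whatever effective ids were still in place; the inline checks it replaces carried `/* NOTREACHED */` after each report call, and that assumption is no longer written down anywhere in the new code. When neither HAVE_SETEGID nor HAVE_SETRESGID is defined (and likewise for the uid pair) each `#if`/`#elif` chain compiles to nothing, so the pid file would be opened with no identity switch and no diagnostic; an `#else` arm such as `#error "no seteuid() or setresuid() available"` (or an equivalent failure in configure.in) would surface that at build time. The restore call `setperms(0, 0, report)` also sets the gid before the uid, the reverse of the order in the replaced code, which presumably relies on the real or saved gid still being 0 while the effective uid is unprivileged; a short comment in setperms() stating that would help the next reader. ns_os_writepidfile's body starts and ends outside the hunks shown.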
config.h.in
...
...
@@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.h.in,v 1.11
5
2009/0
6
/1
0
0
2:23:42
marka Exp $ */
/* $Id: config.h.in,v 1.11
7
2009/0
8
/1
3
0
1:51:19
marka Exp $ */
/*! \file */
...
...
@@ -220,9 +220,21 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <regex.h> header file. */
#undef HAVE_REGEX_H
/* Define to 1 if you have the `setegid' function. */
#undef HAVE_SETEGID
/* Define to 1 if you have the `seteuid' function. */
#undef HAVE_SETEUID
/* Define to 1 if you have the `setlocale' function. */
#undef HAVE_SETLOCALE
/* Define to 1 if you have the `setresgid' function. */
#undef HAVE_SETRESGID
/* Define to 1 if you have the `setresuid' function. */
#undef HAVE_SETRESUID
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
...
...
configure
...
...
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
#
# $Id: configure,v 1.45
7
2009/0
6/30 02:53:46
each Exp $
# $Id: configure,v 1.45
8
2009/0
7/14 22:39:30
each Exp $
#
# Portions Copyright (C) 1996-2001 Nominum, Inc.
#
...
...
@@ -29,7 +29,7 @@
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# From configure.in Revision: 1.47
1
.
# From configure.in Revision: 1.47
2
.
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61.
#
...
...
@@ -20920,6 +20920,200 @@ _ACEOF
fi
#
# Older versions of HP/UX don't define seteuid() and setegid()
#
for ac_func in seteuid setresuid
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
For example, HP-UX 11i <limits.h> declares gettimeofday. */
#define $ac_func innocuous_$ac_func
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func (); below.
Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
<limits.h> exists even on freestanding compilers. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
#undef $ac_func
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char $ac_func ();
/* The GNU C library defines this for functions which it implements
to always fail with ENOSYS. Some functions are actually named
something starting with __ and the normal name is an alias. */
#if defined __stub_$ac_func || defined __stub___$ac_func
choke me
#endif
int
main ()
{
return $ac_func ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
eval "$as_ac_var=yes"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_var=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
fi
ac_res=`eval echo '${'$as_ac_var'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
if test `eval echo '${'$as_ac_var'}'` = yes; then
cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
done
for ac_func in setegid setresgid
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
For example, HP-UX 11i <limits.h> declares gettimeofday. */
#define $ac_func innocuous_$ac_func
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func (); below.
Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
<limits.h> exists even on freestanding compilers. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
#undef $ac_func
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char $ac_func ();
/* The GNU C library defines this for functions which it implements
to always fail with ENOSYS. Some functions are actually named
something starting with __ and the normal name is an alias. */
#if defined __stub_$ac_func || defined __stub___$ac_func
choke me
#endif
int
main ()
{
return $ac_func ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
eval "$as_ac_var=yes"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_var=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
fi
ac_res=`eval echo '${'$as_ac_var'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
if test `eval echo '${'$as_ac_var'}'` = yes; then
cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
done
#
# UnixWare 7.1.1 with the feature supplement to the UDK compiler
# is reported to not support "static inline" (RT #1212).
...
...
configure.in
...
...
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.47
1
$)
AC_REVISION($Revision: 1.47
2
$)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
...
...
@@ -282,6 +282,12 @@ AC_C_INLINE
AC_C_VOLATILE
AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME))
#
# Older versions of HP/UX don't define seteuid() and setegid()
#
AC_CHECK_FUNCS(seteuid setresuid)
AC_CHECK_FUNCS(setegid setresgid)
#
# UnixWare 7.1.1 with the feature supplement to the UDK compiler
# is reported to not support "static inline" (RT #1212).
...
...