2628. [port] linux: Allow /var/run/named/named.pid to be opened

at startup with reduced capabilities in operation. [RT #19884]
2009-07-14 05:15:00 +00:00
parent d85c83c414
commit a4463732ad
2 changed files with 57 additions and 2 deletions
--- a/4
+++ b/4
@@ -1,3 +1,7 @@
+2628.	[port]		linux: Allow /var/run/named/named.pid to be opened 
+			at startup with reduced capabilities in operation.
+			[RT #19884]
+
 2627.	[bug]		Named aborted if the same key was included in
 			trusted-keys more than once. [RT #19918]

--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: os.c,v 1.95 2009/03/02 03:08:22 marka Exp $ */
+/* $Id: os.c,v 1.96 2009/07/14 05:15:00 marka Exp $ */

 /*! \file */

@@ -291,6 +291,12 @@ linux_initialprivs(void) {
 	 */
 	SET_CAP(CAP_SYS_RESOURCE);

+	/*
+	 * We need to be able to set the ownership of the containing
+	 * directory of the pid file when we create it.
+	 */
+	SET_CAP(CAP_CHOWN);
+
 	linux_setcaps(caps);

 #ifdef HAVE_LIBCAP
@@ -752,7 +758,52 @@ ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
 		return;
 	}

-	fd = safe_open(filename, ISC_FALSE);
+	if (first_time && runas_pw != NULL) {
+		/*
+		 * Open the file using the uid/gid pair we will eventually
+		 * be running as.
+		 */
+		if (setegid(runas_pw->pw_gid) == -1) {
+			isc__strerror(errno, strbuf, sizeof(strbuf));
+			(*report)("unable to set effective gid: %s", strbuf);
+			/* NOTREACHED */
+		}
+		if (seteuid(runas_pw->pw_uid) == -1) {
+			isc__strerror(errno, strbuf, sizeof(strbuf));
+			(*report)("unable to set effective uid: %s", strbuf);
+			/* NOTREACHED */
+		}
+		fd = safe_open(filename, ISC_FALSE);
+		if  (seteuid(0) == -1) {
+			isc__strerror(errno, strbuf, sizeof(strbuf));
+			(*report)("unable to restore effective uid: %s",
+				  strbuf);
+			/* NOTREACHED */
+		}
+		if (setegid(0) == -1) {
+			isc__strerror(errno, strbuf, sizeof(strbuf));
+			(*report)("unable to restore effective gid: %s",
+				  strbuf);
+			/* NOTREACHED */
+		}
+		if (fd == -1) {
+			/*
+			 * Backwards compatibility.
+			 */
+			fd = safe_open(filename, ISC_FALSE);
+			if (fd != -1) {
+				ns_main_earlywarning("Required root "
+					             "permissions to open "
+						     "'%s'.", filename);
+				ns_main_earlywarning("Please check file and "
+						     "directory permissions "
+						     "or adjust 'pid-file' "
+						     "in named.conf.");
+			}
+		}
+	} else
+		fd = safe_open(filename, ISC_FALSE);
+	
 	if (fd < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		(*report)("couldn't open pid file '%s': %s", filename, strbuf);