667. [bug] On Linux, running named with the -u option and a

non-world-readable configuration file didn't work. [RT #626]
2001-01-09 00:10:42 +00:00
parent c861628626
commit d119051ef7
2 changed files with 11 additions and 1 deletions
--- a/4
+++ b/4
@@ -1,3 +1,7 @@
+ 667.	[bug]		On Linux, running named with the -u option and a
+			non-world-readable configuration file didn't work.
+			[RT #626]
+
 666.	[bug]		If a request sent by dig is longer than 512 bytes,
 			use TCP.

--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: os.c,v 1.36 2000/12/14 18:29:57 marka Exp $ */
+/* $Id: os.c,v 1.37 2001/01/09 00:10:42 bwelling Exp $ */

 #include <config.h>
 #include <stdarg.h>
@@ -183,6 +183,12 @@ linux_initialprivs(void) {
 	 */
 	caps |= (1 << CAP_SETGID);

+	/*
+	 * Without this, we run into problems reading a configuration file
+	 * owned by a non-root user and non-world-readable on startup.
+	 */
+	caps |= (1 << CAP_DAC_READ_SEARCH);
+
 	/*
 	 * XXX  We might want to add CAP_SYS_RESOURCE, though it's not
 	 *      clear it would work right given the way linuxthreads work.