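--- a/os.c
+++ b/os.c
@@ -1,26 +1,26 @@
 /*
  * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002 Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.46.2.4.8.16 2004/05/04 03:19:42 marka Exp $ */
+/* $Id: os.c,v 1.46.2.4.8.19 2004/10/07 02:34:20 marka Exp $ */
 
 #include <config.h>
 #include <stdarg.h>
 
 #include <sys/types.h> /* dev_t FreeBSD 2.1 */
 #include <sys/stat.h>
 
 #include <ctype.h>
@@ -99,16 +99,17 @@
  */
 
 #ifdef HAVE_LINUXTHREADS
 static pid_t mainpid = 0;
 #endif
 
 static struct passwd *runas_pw = NULL;
 static isc_boolean_t done_setuid = ISC_FALSE;
+static int dfd[2] = { -1, -1 };
 
 #ifdef HAVE_LINUX_CAPABILITY_H
 
 static isc_boolean_t non_root = ISC_FALSE;
 static isc_boolean_t non_root_caps = ISC_FALSE;
 
 /*
  * We define _LINUX_FS_H to prevent it from being included. We don't need
@@ -156,17 +157,20 @@
  caphead.version = _LINUX_CAPABILITY_VERSION;
  caphead.pid = 0;
  memset(&cap, 0, sizeof(cap));
  cap.effective = caps;
  cap.permitted = caps;
  cap.inheritable = caps;
  if (syscall(SYS_capset, &caphead, &cap) < 0) {
  isc__strerror(errno, strbuf, sizeof(strbuf));
- ns_main_earlyfatal("capset failed: %s", strbuf);
+ ns_main_earlyfatal("capset failed: %s:"
+ " please ensure that the capset kernel"
+ " module is loaded. see insmod(8)",
+ strbuf);
  }
 }
 
 static void
 linux_initialprivs(void) {
  unsigned int caps;
 
  /*
@@ -297,23 +301,43 @@
 #endif
 }
 
 void
 ns_os_daemonize(void) {
  pid_t pid;
  char strbuf[ISC_STRERRORSIZE];
 
+ if (pipe(dfd) == -1) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("pipe(): %s", strbuf);
+ }
+
  pid = fork();
  if (pid == -1) {
  isc__strerror(errno, strbuf, sizeof(strbuf));
  ns_main_earlyfatal("fork(): %s", strbuf);
  }
- if (pid != 0)
- _exit(0);
+ if (pid != 0) {
+ int n;
+ /*
+ * Wait for the child to finish loading for the first time.
+ * This would be so much simpler if fork() worked once we
+ * were multi-threaded.
+ */
+ (void)close(dfd[1]);
+ do {
+ char buf;
+ n = read(dfd[0], &buf, 1);
+ if (n == 1)
+ _exit(0);
+ } while (n == -1 && errno == EINTR);
+ _exit(1);
+ }
+ (void)close(dfd[0]);
 
  /*
  * We're the child.
  */
 
 #ifdef HAVE_LINUXTHREADS
  mainpid = getpid();
 #endif
@@ -345,16 +369,30 @@
  if (devnullfd != STDERR_FILENO) {
  (void)close(STDERR_FILENO);
  (void)dup2(devnullfd, STDERR_FILENO);
  }
  }
 }
 
 void
+ns_os_started(void) {
+ char buf = 0;
+
+ /*
+ * Signal to the parent that we stated successfully.
+ */
+ if (dfd[0] != -1 && dfd[1] != -1) {
+ write(dfd[1], &buf, 1);
+ close(dfd[1]);
+ dfd[0] = dfd[1] = -1;
+ }
+}
+
+void
 ns_os_opendevnull(void) {
  devnullfd = open("/dev/null", O_RDWR, 0);
 }
 
 void
 ns_os_closedevnull(void) {
  if (devnullfd != STDIN_FILENO &&
  devnullfd != STDOUT_FILENO &&
@@ -421,20 +459,24 @@
  if (runas_pw == NULL || done_setuid)
  return;
 
  done_setuid = ISC_TRUE;
 
 #ifdef HAVE_LINUXTHREADS
 #ifdef HAVE_LINUX_CAPABILITY_H
  if (!non_root_caps)
+ ns_main_earlyfatal("-u with Linux threads not supported: "
+ "requires kernel support for "
+ "prctl(PR_SET_KEEPCAPS)");
+#else
+ ns_main_earlyfatal("-u with Linux threads not supported: "
+ "no capabilities support or capabilities "
+ "disabled at build time");
 #endif
- ns_main_earlyfatal(
- "-u not supported on Linux kernels older than "
- "2.3.99-pre3 or 2.2.18 when using threads");
 #endif
 
  if (setgid(runas_pw->pw_gid) < 0) {
  isc__strerror(errno, strbuf, sizeof(strbuf));
  ns_main_earlyfatal("setgid(): %s", strbuf);
  }
 
  if (setuid(runas_pw->pw_uid) < 0) {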
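Review bot: In the new `ns_os_started()` (new line 384) the result of `write(dfd[1], &buf, 1)` is discarded and the call is not retried on EINTR, unlike the parent's `read()` loop in `ns_os_daemonize()`. If that write fails, the following `close(dfd[1])` hands the parent an EOF and it takes the `_exit(1)` path while the child keeps running, so the invoking script is told startup failed although a server is live. Retrying and reporting would close that gap, e.g. `do { n = write(dfd[1], &buf, 1); } while (n == -1 && errno == EINTR);` followed by a logged error when `n != 1`. The write end also stays open in the child until `ns_os_started()` runs; whether anything in the hidden lines can exec a helper in between is not visible here, but if so `dfd[1]` should be marked close-on-exec. The added comment's "stated" should read "started".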