[Pdns-users] chroot and setuid in pdns_recursor (patch)

bert hubert ahu at ds9a.nl
Fri Mar 4 21:23:25 UTC 2005 

Hehe found this stuck in my mailbox, applied, thanks! I had to reverse your
patch though.

See http://wiki.powerdns.com/projects/trac/changeset/330

	Bert.

On Mon, Jun 07, 2004 at 01:33:02AM +0200, Bram Vandoren wrote:
> Hi,
> I want to use pdns_recursor as a standalone server.
> 
> I didn't find the chroot and setuid options so I wrote a small patch. I 
> copied the functions from pdns. The interface is identical to that in 
> powerdns.
> 
> Maybe I add more some functionality (like allow-recursion) from powerdns 
> to pdns_recursor later.
> 
> Regards,
> Bram.
> **

> --- pdns-2.9.16-custom/pdns/pdns_recursor.cc	2004-06-06 14:57:03.000000000 +0200
> +++ pdns-2.9.16/pdns/pdns_recursor.cc	2004-02-08 11:36:54.000000000 +0100
> @@ -396,9 +396,6 @@
>      arg().set("local-address","port to listen on")="0.0.0.0";
>      arg().set("trace","if we should output heaps of logging")="off";
>      arg().set("daemon","Operate as a daemon")="yes";
> -    arg().set("chroot","switch to chroot jail")="";
> -    arg().set("setgid","If set, change group id to this gid for more security")="";
> -    arg().set("setuid","If set, change user id to this uid for more security")="";
>      arg().set("quiet","Suppress logging of questions and answers")="off";
>      arg().set("config-dir","Location of configuration directory (recursor.conf)")=SYSCONFDIR;
>      arg().set("socket-dir","Where the controlsocket will live")=LOCALSTATEDIR;
> @@ -454,23 +447,6 @@
>      writePid();
>  #endif
>  
> -    int newgid=0;
> -    if(!arg()["setgid"].empty())
> -      newgid=Utility::makeGidNumeric(arg()["setgid"]);
> -    int newuid=0;
> -    if(!arg()["setuid"].empty())
> -      newuid=Utility::makeUidNumeric(arg()["setuid"]);
> -
> -
> -    if (!arg()["chroot"].empty()) {
> -        if (chroot(arg()["chroot"].c_str())<0) {
> -            L<<Logger::Error<<"Unable to chroot to '"+arg()["chroot"]+"': "<<strerror (errno)<<", exiting"<<endl;
> -	    exit(1);
> -	}
> -    }
> -
> -    Utility::dropPrivs(newuid, newgid);
> -
>      vector<TCPConnection> tcpconnections;
>      counter=0;
>      for(;;) {

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users


-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the Pdns-users mailing list