From d8cac78d3ded828ac290d48b4bceae795b625c1b Mon Sep 17 00:00:00 2001
From: Can Erkin Acar
Date: Fri, 12 Mar 2004 18:40:17 +0000
Subject: Privilege seperation for named. Allows named to handle address/interface changes without restart. If you use non-standard ports in named configuration make sure they are > 1024. Also /var/named/etc/rndc.key (if any) must be readable by group named. Initial work and testing by itojun@, jakob@, hints, help from henning@, avsm@, beck@. ok henning, beck, avsm, deraadt
---
 usr.sbin/bind/bin/named/main.c | 12 ++++++++++++
 usr.sbin/bind/bin/named/server.c | 4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)
(limited to 'usr.sbin/bind/bin/named')

diff --git a/usr.sbin/bind/bin/named/main.c b/usr.sbin/bind/bin/named/main.c
index 5a3ebbd4024..0eec853876d 100644
--- a/usr.sbin/bind/bin/named/main.c
+++ b/usr.sbin/bind/bin/named/main.c
@@ -31,6 +31,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -511,7 +512,9 @@ setup(void) {
 }
 #endif
+#if 0 /* Not used due to privsep */
 ns_os_chroot(ns_g_chrootdir);
+#endif
 /*
 * For operating systems which have a capability mechanism, now
@@ -538,6 +541,15 @@ setup(void) {
 if (!ns_g_foreground)
 ns_os_daemonize();
+ /*
+ * Privilege separation
+ */
+ isc_priv_init(ns_g_logstderr);
+ isc_drop_privs(ns_g_username);
+ isc_socket_privsep(1);
+
+ /* process is now unprivileged and inside a chroot */
+
 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
 ISC_LOG_NOTICE, "starting BIND %s%s", ns_g_version,
 saved_command_line);
diff --git a/usr.sbin/bind/bin/named/server.c b/usr.sbin/bind/bin/named/server.c
index fee23ff2c15..e0449007e85 100644
--- a/usr.sbin/bind/bin/named/server.c
+++ b/usr.sbin/bind/bin/named/server.c
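Review bot: Wrapping `ns_os_chroot(ns_g_chrootdir)` in `#if 0` silently disables whatever chroot directory the operator still passes on the command line; nothing in the hunk rejects or logs the now-ignored setting, so an administrator can believe named is confined to the directory they named while it is actually in whatever chroot the privsep code establishes. Either keep the option honoured or make setup() refuse a non-NULL `ns_g_chrootdir` with an explicit error, e.g. `if (ns_g_chrootdir != NULL) ns_main_earlyfatal("chroot directory option is not supported with privilege separation");` (assuming ns_g_chrootdir is only set from the command line; that parsing is outside the hunk). The same `#if 0` pattern is applied to `ns_os_changeuser()` in server.c's load_configuration hunk; in both places deleting the dead code and leaving a one-line comment pointing at where privileges are now dropped reads better than a disabled block that will drift from the live code. setup() continues outside this hunk.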
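Review bot: The return values of `isc_priv_init`, `isc_drop_privs` and `isc_socket_privsep` are discarded, so if any of them can fail (their declarations are not in the hunk) setup() proceeds and the following `isc_log_write` notice announces a successful start while named may still be running as root or outside the intended chroot. Each call should be checked and startup aborted on failure, e.g. `if (isc_drop_privs(ns_g_username) != ISC_R_SUCCESS) ns_main_earlyfatal("cannot drop privileges");` if these return isc_result_t. The new comment `/* process is now unprivileged and inside a chroot */` states a postcondition the code does not verify; it is accurate only once the checks above are in place, otherwise it should be phrased as intent rather than fact. Also `ns_g_username` may be NULL when no user option was given (option parsing is outside the hunk); whether isc_drop_privs then falls back to a default user or keeps root should be documented at this call. setup() continues past the end of the hunk.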
@@ -2069,10 +2069,12 @@ load_configuration(const char *filename, ns_server_t *server,
 }
 /*
- * Relinquish root privileges.
+ * Relinquish root privileges. Not used due to privsep
 */
+#if 0
 if (first_time)
 ns_os_changeuser();
+#endif
 /*
 * Configure the logging system.
--
cgit v1.2.3