If you really have to insist on running suid which is NEVER
a good idea unless the program has been designed to run suid
the try the following. This is untested beyond compiling.
Mark
diff --git a/bin/named/main.c b/bin/named/main.c
index bdbbf92..8f946f3 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -22,6 +22,7 @@
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#include <isc/app.h>
#include <isc/backtrace.h>
@@ -1263,6 +1264,15 @@ main(int argc, char *argv[]) {
#endif
/*
+ * If we are running sgid/suid complete process.
+ */
+ if (getegid() != getgid())
+ setgid(getegid());
+
+ if (geteuid() != getuid())
+ setuid(geteuid());
+
+ /*
* Record version in core image.
* strings named.core | grep "named version:"
*/
In message
<cac4bht4rddf3jah+a3dhyzrosxeb3w9cd1f9j59ru+u_ula...@mail.gmail.com>, Gordon
Lang writes:
> --===============3732002365036211140==
> Content-Type: multipart/alternative; boundary=f46d043892cfc600190520ebcff6
>
> --f46d043892cfc600190520ebcff6
> Content-Type: text/plain; charset=UTF-8
>
> After reading Mark's post (found in my spam folder), I gather suid cannot
> be used with threads on Linux. So I have to choose between setting up a
> suid root wrapper, or simply not using threads. So my final question is
> whether or not using threads on Linux is sufficiently beneficial in spite
> of it being "a total mess."
>
> --
> Gordon A. Lang
>
> --f46d043892cfc600190520ebcff6
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> <p dir=3D"ltr">After reading Mark's post (found in my spam folder), I g=
> ather suid cannot be used with threads on Linux.=C2=A0 So I have to choose =
> between setting up a suid root wrapper, or simply not using threads.=C2=A0 =
> So my final question is whether or not using threads on Linux is sufficient=
> ly beneficial in spite of it being "a total mess."</p>
> <p dir=3D"ltr">--<br>
> Gordon A. Lang</p>
>
> --f46d043892cfc600190520ebcff6--
>
> --===============3732002365036211140==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --===============3732002365036211140==--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
