Hi!
I have received error report on Fedora [1] with problem of log-facility
used. Problem happens because systemd does not grant even root processes
cap_dac_override. Therefore log file created by dnsmasq has to be
writable by dnsmasq user. But it is created/opened when still did not
drop privileges under effective uid == 0. It leads to surprising
situation. If dnsmasq with log-facility=/var/log/dnsmasq.log is started
first time, it passes just fine. However when it is started second time
with /var/log/dnsmasq owned by dnsmasq:root, mode 0640, it fails opening
the log.
My attached patch fixes it. If dnsmasq were started as root, it gives
also group write right to log file. Because it does not change group of
file, it should be always root. My patch expects log file group is not
changed in mean time. If it is something different, for example adm
group, skip granting writeable flag. It fixes the problem at hand.
What do you think Simon? Others?
Cheers,
Petr
1. https://bugzilla.redhat.com/show_bug.cgi?id=2024166
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
From d76d835d7c689f962102cc8bf305b141574df396 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemen...@redhat.com>
Date: Mon, 10 Jan 2022 12:34:42 +0100
Subject: [PATCH] Add root group writeable flag to log file
Some systems strips even root process capability of writing to different
users file. That include systemd under Fedora. When
log-facility=/tmp/log is used, log file with mode 0640 is created. But
restart then fails, because such log file can be used only when created
new. Existing file cannot be opened by root when starting, causing fatal
error. Avoid that by adding root group writeable flag.
Ensure group is always root when granting write access. If it is
anything else, administrator has to configure correct rights.
---
src/log.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/log.c b/src/log.c
index 1ec3447..d10d17e 100644
--- a/src/log.c
+++ b/src/log.c
@@ -101,9 +101,15 @@ int log_start(struct passwd *ent_pw, int errfd)
change the ownership here so that the file is always owned by
the dnsmasq user. Then logrotate can just copy the owner.
Failure of the chown call is OK, (for instance when started as non-root) */
- if (log_to_file && !log_stderr && ent_pw && ent_pw->pw_uid != 0 &&
- fchown(log_fd, ent_pw->pw_uid, -1) != 0)
- ret = errno;
+ if (log_to_file && !log_stderr && ent_pw && ent_pw->pw_uid != 0)
+ {
+ struct stat ls;
+ if (getgid() == 0 && fstat(log_fd, &ls) == 0 && ls.st_gid == 0 &&
+ (ls.st_mode & S_IWGRP) == 0)
+ (void)fchmod(log_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP);
+ if (fchown(log_fd, ent_pw->pw_uid, -1) != 0)
+ ret = errno;
+ }
return ret;
}
@@ -118,7 +124,7 @@ int log_reopen(char *log_file)
/* NOTE: umask is set to 022 by the time this gets called */
if (log_file)
- log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
+ log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
else
{
#if defined(HAVE_SOLARIS_NETWORK) || defined(__ANDROID__)
--
2.31.1
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
