ALT Linux repositórios
S:9.16.44-alt1
5.0: 9.3.6-alt5
4.1: 9.3.6-alt4.M41.2
+updates:9.3.6-alt4.M41.1
4.0: 9.3.6-alt4.M41.1
+updates:9.3.6-alt4.M41.1
3.0: 9.2.4.rel-alt2

Group :: Sistema/Servidores
RPM: bind


Patch: bind-9.2.4rc5-alt-chroot.patch


diff -uprk.orig bind-9.2.4rc5.orig/bin/named/server.c bind-9.2.4rc5/bin/named/server.c
--- bind-9.2.4rc5.orig/bin/named/server.c	2004-05-14 05:04:46 +0400
+++ bind-9.2.4rc5/bin/named/server.c	2004-06-30 17:31:06 +0400
@@ -2076,8 +2076,12 @@ load_configuration(const char *filename,
 				      "no source of entropy found");
 		} else {
 			const char *randomdev = cfg_obj_asstring(obj);
-			result = isc_entropy_createfilesource(ns_g_entropy,
+			if (strcmp(randomdev, PATH_RANDOMDEV))
+				result = isc_entropy_createfilesource(ns_g_entropy,
 							      randomdev);
+			else
+				result = isc_entropy_createfilefd(ns_g_entropy,
+							      ns_os_open_randomdev());
 			if (result != ISC_R_SUCCESS)
 				isc_log_write(ns_g_lctx,
 					      NS_LOGCATEGORY_GENERAL,
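Review bot: The new `else` branch passes the return value of `ns_os_open_randomdev()` straight into `isc_entropy_createfilefd()`, which starts with `REQUIRE(fd >= 0)`. If the device could not be opened the helper returns -1, so named hits an assertion failure instead of taking the existing `result != ISC_R_SUCCESS` logging path. Check the descriptor first: `int fd = ns_os_open_randomdev();` then `result = (fd < 0) ? ISC_R_FAILURE : isc_entropy_createfilefd(ns_g_entropy, fd);`. The `strcmp(randomdev, PATH_RANDOMDEV)` test also assumes the macro is defined, while os.c guards its use with `#ifdef PATH_RANDOMDEV`. Whether an enclosing guard exists here cannot be seen, because load_configuration starts and ends outside the hunk.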
@@ -2093,8 +2097,10 @@ load_configuration(const char *filename,
 	/*
 	 * Relinquish root privileges.
 	 */
-	if (first_time)
+	if (first_time) {
 		ns_os_changeuser();
+		ns_os_dropprivs();
+	}
 
 	/*
 	 * Configure the logging system.
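Review bot: `ns_os_dropprivs()` is added under the comment "Relinquish root privileges" with nothing saying what it drops or when it does nothing. Per the os.c hunk it calls `linux_setcaps(0)` only when `HAVE_LINUX_CAPABILITY_H` is defined and `HAVE_LINUXTHREADS` is not; on every other build it is an empty function. A comment at this call such as `/* Clear every remaining capability; a no-op on builds without Linux capability support. */` would stop readers assuming the drop always happens. If the earlier capability set kept the right to bind privileged ports (not visible in this patch), clearing it presumably means such listeners cannot be reopened later, and that belongs in the comment too. The same documentation gap applies to the definition of `ns_os_dropprivs` in the os.c hunk.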
diff -uprk.orig bind-9.2.4rc5.orig/bin/named/unix/include/named/os.h bind-9.2.4rc5/bin/named/unix/include/named/os.h
--- bind-9.2.4rc5.orig/bin/named/unix/include/named/os.h	2004-03-09 09:09:24 +0300
+++ bind-9.2.4rc5/bin/named/unix/include/named/os.h	2004-06-30 17:31:06 +0400
@@ -47,6 +47,12 @@ void
 ns_os_minprivs(void);
 
 void
+ns_os_dropprivs(void);
+
+int
+ns_os_open_randomdev(void);
+
+void
 ns_os_writepidfile(const char *filename, isc_boolean_t first_time);
 
 void
diff -uprk.orig bind-9.2.4rc5.orig/bin/named/unix/os.c bind-9.2.4rc5/bin/named/unix/os.c
--- bind-9.2.4rc5.orig/bin/named/unix/os.c	2004-04-15 09:36:13 +0400
+++ bind-9.2.4rc5/bin/named/unix/os.c	2004-06-30 18:16:03 +0400
@@ -293,6 +293,19 @@ ns_os_init(const char *progname) {
 #endif
 }
 
+int
+ns_os_open_randomdev (void)
+{
+	static int fd = -1;
+
+#ifdef PATH_RANDOMDEV
+	if (fd < 0)
+		fd = open(PATH_RANDOMDEV, O_RDONLY | O_NONBLOCK, 0);
+#endif
+
+	return fd;
+}
+
 void
 ns_os_daemonize(void) {
 	pid_t pid;
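Review bot: The descriptor cached in `static int fd` is handed to the entropy library, which then treats it as its own: the `closefd:` path in `isc_entropy_createfilefd()` closes it on failure, and destroying the source presumably does the same. The static keeps the old number afterwards, so a later call (for example on reconfiguration) can return a descriptor that is closed or has been reused for an unrelated file, which would then be read as entropy. Keep the cached descriptor private and give the library a duplicate at the call site, `isc_entropy_createfilefd(ns_g_entropy, dup(fd))` after checking `fd >= 0`, or document that the result may be consumed only once. The function also needs a header comment stating that it returns -1 when `PATH_RANDOMDEV` is undefined or `open()` fails.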
@@ -376,6 +389,7 @@ void
 ns_os_chroot(const char *root) {
 	char strbuf[ISC_STRERRORSIZE];
 	if (root != NULL) {
+		ns_os_open_randomdev();
 		if (chroot(root) < 0) {
 			isc__strerror(errno, strbuf, sizeof(strbuf));
 			ns_main_earlyfatal("chroot(): %s", strbuf);
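Review bot: The bare `ns_os_open_randomdev();` call discards its result and reads like dead code, so it needs a comment saying why it is there, e.g. `/* Open the random device now: its path may not exist inside the chroot. */`. Because the return value is ignored, a failure to open the device before `chroot()` goes unreported at this point; logging it here would make a later entropy-source failure easier to trace. ns_os_chroot continues past the end of the hunk.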
@@ -458,6 +472,13 @@ ns_os_minprivs(void) {
 #endif
 }
 
+void
+ns_os_dropprivs(void) {
+#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
+	linux_setcaps(0);
+#endif
+}
+
 static int
 safe_open(const char *filename, isc_boolean_t append) {
 	int fd;
diff -uprk.orig bind-9.2.4rc5.orig/lib/isc/include/isc/entropy.h bind-9.2.4rc5/lib/isc/include/isc/entropy.h
--- bind-9.2.4rc5.orig/lib/isc/include/isc/entropy.h	2004-03-09 09:11:55 +0300
+++ bind-9.2.4rc5/lib/isc/include/isc/entropy.h	2004-06-30 17:31:06 +0400
@@ -166,6 +166,9 @@ isc_entropy_createfilesource(isc_entropy
  * The file will never be opened/read again once EOF is reached.
  */
 
+isc_result_t
+isc_entropy_createfilefd(isc_entropy_t *ent, int fd);
+
 void
 isc_entropy_destroysource(isc_entropysource_t **sourcep);
 /*
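Review bot: `isc_entropy_createfilefd()` is declared without the contract comment that the neighbouring declarations carry, and its contract is not obvious from the name. Per the entropy.c hunk it requires `fd >= 0`, calls `make_nonblock()` on the descriptor, and closes it on the error path, so the caller gives up ownership. Suggested comment: `/* Like isc_entropy_createfilesource(), but uses the already-open descriptor 'fd'. Requires fd >= 0. The descriptor is closed on failure. */`.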
diff -uprk.orig bind-9.2.4rc5.orig/lib/isc/unix/entropy.c bind-9.2.4rc5/lib/isc/unix/entropy.c
--- bind-9.2.4rc5.orig/lib/isc/unix/entropy.c	2004-03-09 09:12:09 +0300
+++ bind-9.2.4rc5/lib/isc/unix/entropy.c	2004-06-30 17:31:06 +0400
@@ -288,23 +288,17 @@ make_nonblock(int fd) {
 }
 
 isc_result_t
-isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
-	int fd;
+isc_entropy_createfilefd(isc_entropy_t *ent, int fd) {
 	isc_result_t ret;
 	isc_entropysource_t *source;
 
 	REQUIRE(VALID_ENTROPY(ent));
-	REQUIRE(fname != NULL);
+	REQUIRE(fd >= 0);
 
 	LOCK(&ent->lock);
 
 	source = NULL;
 
-	fd = open(fname, O_RDONLY | O_NONBLOCK, 0);
-	if (fd < 0) {
-		ret = isc__errno2result(errno);
-		goto errout;
-	}
 	ret = make_nonblock(fd);
 	if (ret != ISC_R_SUCCESS)
 		goto closefd;
@@ -339,7 +333,6 @@ isc_entropy_createfilesource(isc_entropy
  closefd:
 	close(fd);
 
- errout:
 	if (source != NULL)
 		isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));
 
@@ -347,3 +340,17 @@ isc_entropy_createfilesource(isc_entropy
 
 	return (ret);
 }
+
+isc_result_t
+isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
+	int fd;
+
+	REQUIRE(VALID_ENTROPY(ent));
+	REQUIRE(fname != NULL);
+
+	fd = open(fname, O_RDONLY | O_NONBLOCK, 0);
+	if (fd < 0) {
+		return isc__errno2result(errno);
+	}
+	return isc_entropy_createfilefd(ent, fd);
+}
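Review bot: The new wrapper's `return isc__errno2result(errno);` and `return isc_entropy_createfilefd(ent, fd);` drop the parenthesised `return (ret);` form used a few lines above in the same file. Writing them as `return (isc__errno2result(errno));` and `return (isc_entropy_createfilefd(ent, fd));` keeps the wrapper consistent with the function it wraps. The wrapper would also benefit from a one-line comment noting that ownership of the opened descriptor passes to `isc_entropy_createfilefd()`, which closes it on failure.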
 