On Thu, Jan 15, 2009 at 10:15:04PM +0000, Pierre Habouzit wrote:
> On Thu, Jan 15, 2009 at 11:16:52PM +0000, martin f krafft wrote:
> > reopen 500806
> > retitle 500806 nsdc should drop privileges when invoked as root
> > severity 500806 wishlist
> > thanks
> > 
> > also sprach Pierre Habouzit <madco...@debian.org> [2009.01.16.0222 +1300]:
> > > Nope, you're the one being wrong, you should not run nsdc as root,
> > > unless you're starting nsd.
> > > 
> > > You should do : su -c nsd nsdc rebuild
> > [...]
> > 
> > You knew you had it coming:
> > 
> > Since I do not have to su for running postfix flush or reload, and
> > I do not have to su to run rndc and I do not have to su to run
> > apache2ctl, it only seems reasonable that nsdc should handle this
> > itself: please make it drop privileges when invoked as root.
> 
> Have you ever used inn2? Because it has substantially the very same
> problem.
> 
> My problem is, the user can change username from /etc/nsd3/nsd.conf to
> change the user nsd is running under, and it's rather "hard" to parse
> from nsdc (which is pure sh scripting).
> 
> .... except that:
> 
> $(nsd-checkconf -o username /etc/nsd3/nsd.conf) is what I want.
>   ...
>   ... okay I'll provide a patch then

Untested yet, but the following snippet applied to /usr/bin/nsdc should do.

diff --git a/nsdc.sh.in b/nsdc.sh.in
index 136fe9e..5383575 100644
--- a/nsdc.sh.in
+++ b/nsdc.sh.in
@@ -92,8 +92,18 @@ pidfile=`${nsd_checkconf} -o pidfile ${configfile}`
 difffile=`${nsd_checkconf} -o difffile ${configfile}`
 zonesdir=`${nsd_checkconf} -o zonesdir ${configfile}`
 lockfile="${dbfile}.lock"  # still needed
+username=`${nsd_checkconf} -o username ${configfile}`
 sbindir=`dirname ${nsd_checkconf}`
 
+case "$1" in
+    start|restart);;
+    *)
+        if [ "$UID" = 0 -a "$username" != "root" ]; then
+            exec su -c "$username" '"$0" -c "${configfile}" "$@"'
+        fi
+    ;;
+esac
+
 # move to zonesdir (if specified), and make absolute pathnames.
 if test -n "${zonesdir}"; then
        zonesdir=`dirname ${zonesdir}/.`
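
Review bot: The exec su line passes its arguments in the wrong order and single-quotes the part that has to expand. The -c option takes the command string, so "$username" becomes the command and the quoted string is taken as the account name; and inside single quotes $0, ${configfile} and $@ are left for the shell that su starts, where they no longer hold this script's path, the config file or the caller's arguments. Build the command string in the calling shell with each argument quoted, pass that to -c, and give $username as the user operand. Two smaller points on the if line: $UID is a bash variable, not POSIX sh, so under a shell that does not set it (dash, for instance) the test is never true and the script carries on as root; comparing the output of id -u is portable. An empty username from nsd-checkconf also satisfies != "root", so check -n "$username" before calling su.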


more or less, the quoting becomes broken doing that... but that's the rough
idea.


-- 
·O·  Pierre Habouzit
··O                                                madco...@debian.org
OOO                                                http://www.madism.org
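
The re-exec as the configured user discussed in this message, with the quoting done in the calling shell. This is an added example, not part of the patch above or of nsdc; the function names (shquote, build_reexec_cmd, needs_drop, drop_and_reexec) are hypothetical, and passing -s /bin/sh to su is an assumption for accounts that have no login shell.

```sh
#!/bin/sh
# Added example (not nsdc's code): re-exec a root-invoked control script
# as the configured daemon user without losing or re-parsing arguments.

# Single-quote one argument for reuse in an `su -c` command string;
# every embedded ' becomes '\'' so the inner shell sees the bytes unchanged.
shquote() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

# Join all arguments into one safely quoted command line.
build_reexec_cmd() {
    cmd=
    for arg in "$@"; do
        cmd="${cmd:+$cmd }$(shquote "$arg")"
    done
    printf '%s\n' "$cmd"
}

# needs_drop SUBCOMMAND UID USERNAME: true when privileges should be dropped.
# start/restart are left alone, as in the patch; an empty username is refused.
needs_drop() {
    case "$1" in
        start|restart) return 1 ;;
    esac
    [ "$2" = 0 ] && [ -n "$3" ] && [ "$3" != root ]
}

# drop_and_reexec SCRIPT CONFIG USERNAME ARGS...: replace this process.
# -s /bin/sh is an assumption for service accounts without a login shell.
drop_and_reexec() {
    script=$1 conf=$2 user=$3
    shift 3
    exec su -s /bin/sh -c "$(build_reexec_cmd "$script" -c "$conf" "$@")" "$user"
}

# Constructed demo: print the command string only, nothing is executed.
build_reexec_cmd /usr/bin/nsdc -c /etc/nsd3/nsd.conf rebuild "zone with 'quote'"
```

In the script itself the call would be guarded as: needs_drop "$1" "$(id -u)" "$username" && drop_and_reexec "$0" "$configfile" "$username" "$@".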
