
Should pdnsutil attempt to apply the setuid/setgid settings?

Open maikzumstrull opened this issue 9 years ago • 6 comments

pdns.conf has setuid/setgid settings, mainly intended for daemon use, but I'm wondering if pdnsutil should use them, too. I see at least three cases where this matters:

  • Since pdns.conf may contain passwords, it may not be world readable
  • Some backends may use unix permissions for authentication, e.g. gpgsql with socket auth, or anything that stores its data in simple files (bind, gsqlite)
  • If pdnsutil launches an editor, it should probably run as the user that launched pdnsutil

So, I've been wondering: Should pdnsutil attempt to apply setuid/setgid to ensure it accesses things cleanly? Should pdnsutil be installed suid to ensure it can always setuid/setgid? Should it fork so it can do stuff as the setuid/setgid account, but also launch an editor as the current user?

I'm not sure what the best behavior is, so I'm filing this as a question.

maikzumstrull, Feb 15 '16 21:02

Related: #964

pieterlexis, Feb 16 '16 08:02

I think it indeed should set{u,g}id.

> Since pdns.conf may contain passwords, it may not be world readable

This would mean that pdnsutil should be started as the same user as the server itself (root most of the time).

> So, I've been wondering: Should pdnsutil attempt to apply setuid/setgid to ensure it accesses things cleanly?

Yes!

> Should pdnsutil be installed suid to ensure it can always setuid/setgid?

I'm good with exit(1) and a message to stderr.

> Should it fork so it can do stuff as the setuid/setgid account, but also launch an editor as the current user?

The editor opens a file in /tmp, so it doesn't really matter which user it is opened at. The only issue will be the $EDITOR started.

pieterlexis, Feb 16 '16 12:02

Most editors (including vim and nano) will attempt to read and write things in $HOME. They survive not being able to write there, but whine about it.

maikzumstrull, Feb 16 '16 12:02

> so it doesn't really matter which user it is opened at

it certainly does: in vim: :!sh

jpmens, Feb 16 '16 13:02

Without wanting to have too many opinions, we are not going to support making pdnsutil suid on the filesystem.

Habbie, Feb 16 '16 14:02

There's the general idea of making pdnsutil more of an API client, and let it do almost nothing by itself. Maybe the things it needs to do by itself (because you need these things before you can start pdns_server) could maybe move into a new binary, or everything else could move out. Untagging this "easy" as more questions need to be answered before one can put in setuid/setgid calls in random places.

zeha, Aug 19 '20 14:08
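
The behaviour discussed in this thread (apply the configured setuid/setgid identity, otherwise print to stderr and exit(1), with no suid bit on the binary) could look like the following. This is an added example, not part of the thread and not PowerDNS code; `drop_privileges` is a hypothetical helper, and the target ids in `main` are constructed stand-ins for values a tool would resolve from the setuid/setgid settings in pdns.conf.

```cpp
// Added example (not PowerDNS code): fail-closed privilege drop for a CLI tool.
#include <cerrno>
#include <cstdio>
#include <cstring>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

// Hypothetical helper. Returns 0 once the process runs as uid/gid, -1 otherwise.
int drop_privileges(uid_t uid, gid_t gid) {
  // Already running as the target identity: nothing to change.
  if (getuid() == uid && geteuid() == uid && getgid() == gid && getegid() == gid)
    return 0;
  // Without a suid binary, only root can switch identity; refuse instead of
  // continuing with the wrong file and socket permissions.
  if (geteuid() != 0) {
    std::fprintf(stderr, "must run as root or as uid %ld/gid %ld\n",
                 (long)uid, (long)gid);
    return -1;
  }
  // Order matters: supplementary groups and gid go first, while still root.
  if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) {
    std::fprintf(stderr, "privilege drop failed: %s\n", std::strerror(errno));
    return -1;
  }
  // Verify the result and make sure root cannot be regained.
  if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
    return -1;
  if (uid != 0 && setuid(0) == 0) {
    std::fprintf(stderr, "root privileges could be regained, aborting\n");
    return -1;
  }
  return 0;
}

int main() {
  // Constructed values: a real tool would map the configured setuid/setgid
  // names to ids with getpwnam()/getgrnam() before calling the helper.
  const uid_t target_uid = getuid();
  const gid_t target_gid = getgid();
  if (drop_privileges(target_uid, target_gid) != 0)
    return 1;  // exit(1) with the message already on stderr
  std::puts("running with the target identity");
  return 0;
}
```

A child process started after the drop, such as $EDITOR, inherits the dropped identity rather than the identity of the user who launched the tool.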