dnscrypt-proxy/dnscrypt-proxy/privilege_others.go

// +build !windows,!linux

package main

import (
	"os"
	"os/exec"
	"os/user"
	"path/filepath"
	"runtime"
	"strconv"
	"syscall"

	"github.com/jedisct1/dlog"
)

var cmd *exec.Cmd

func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
	currentUser, err := user.Current()
	if err != nil {
		dlog.Fatal(err)
	}
	if currentUser.Uid != "0" {
		dlog.Fatal("I need root permissions. Try again with 'sudo'")
	}
	user, err := user.Lookup(userStr)
	args := os.Args

	if err != nil {
		dlog.Fatal(err)
	}
	uid, err := strconv.Atoi(user.Uid)
	if err != nil {
		dlog.Fatal(err)
	}
	gid, err := strconv.Atoi(user.Gid)
	if err != nil {
		dlog.Fatal(err)
	}
	execPath, err := exec.LookPath(args[0])
	if err != nil {
		dlog.Fatal(err)
	}
	path, err := filepath.Abs(execPath)
	if err != nil {
		dlog.Fatal(err)
	}

	ServiceManagerReadyNotify()

	args = append(args, "-child")

	dlog.Notice("Dropping privileges")
	runtime.LockOSThread()
	if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGROUPS, uintptr(0), uintptr(0), 0); rcode != 0 {
		dlog.Fatalf("Unable to drop additional groups: %s", err)
	}
	if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0); rcode != 0 {
		dlog.Fatalf("Unable to drop user privileges: %s", err)
	}
	if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0); rcode != 0 {
		dlog.Fatalf("Unable to drop user privileges: %s", err)
	}
	maxfd := uintptr(0)
	for _, fd := range fds {
		if fd.Fd() > maxfd {
			maxfd = fd.Fd()
		}
	}
	fdbase := maxfd + 1
	for i, fd := range fds {
		if _, _, rcode := syscall.RawSyscall(syscall.SYS_DUP2, fd.Fd(), fdbase+uintptr(i), 0); rcode != 0 {
			dlog.Fatal("Unable to clone file descriptor")
		}
		if _, _, rcode := syscall.RawSyscall(syscall.SYS_FCNTL, fd.Fd(), syscall.F_SETFD, syscall.FD_CLOEXEC); rcode != 0 {
			dlog.Fatal("Unable to set the close on exec flag")
		}
	}
	for i := range fds {
		if _, _, rcode := syscall.RawSyscall(syscall.SYS_DUP2, fdbase+uintptr(i), uintptr(i)+3, 0); rcode != 0 {
			dlog.Fatal("Unable to reassign descriptor")
		}
	}
	syscall.Exec(path, args, os.Environ())
	dlog.Fatalf("Unable to reexecute [%s]", path)
	os.Exit(1)
}
Of course, Linux has to do things differently 2018-10-03 16:33:33 +02:00			`// +build !windows,!linux`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00
			`package main`

			`import (`
			`"os"`
			`"os/exec"`
			`"os/user"`
			`"path/filepath"`
Forget about the supervisor, and use syscall.Exec() 2018-10-03 16:05:07 +02:00			`"runtime"`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`"strconv"`
			`"syscall"`
Keep the process running in foreground to avoid a breaking change/allow monitoring This currently doesn't replace the previous process. Maybe there is a way to achieve this in Go. Need to look closer at os.exec Also start-child -> child 2018-06-13 17:24:16 +02:00
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`"github.com/jedisct1/dlog"`
			`)`

Minor improvements for the user_name option (#559) * Fix missing pidfile when run with user_name opt. * Make sure we are root when dropping privilege This is required on macOS. * Kill child process on exit. Fixes https://github.com/jedisct1/dnscrypt-proxy/issues/547 2018-08-04 00:57:52 +02:00			`var cmd *exec.Cmd`

Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`func (proxy Proxy) dropPrivilege(userStr string, fds []os.File) {`
Minor improvements for the user_name option (#559) * Fix missing pidfile when run with user_name opt. * Make sure we are root when dropping privilege This is required on macOS. * Kill child process on exit. Fixes https://github.com/jedisct1/dnscrypt-proxy/issues/547 2018-08-04 00:57:52 +02:00			`currentUser, err := user.Current()`
			`if err != nil {`
			`dlog.Fatal(err)`
			`}`
			`if currentUser.Uid != "0" {`
			`dlog.Fatal("I need root permissions. Try again with 'sudo'")`
			`}`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`user, err := user.Lookup(userStr)`
			`args := os.Args`

			`if err != nil {`
			`dlog.Fatal(err)`
			`}`
			`uid, err := strconv.Atoi(user.Uid)`
			`if err != nil {`
			`dlog.Fatal(err)`
			`}`
			`gid, err := strconv.Atoi(user.Gid)`
			`if err != nil {`
			`dlog.Fatal(err)`
			`}`
Keep the process running in foreground to avoid a breaking change/allow monitoring This currently doesn't replace the previous process. Maybe there is a way to achieve this in Go. Need to look closer at os.exec Also start-child -> child 2018-06-13 17:24:16 +02:00			`execPath, err := exec.LookPath(args[0])`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`if err != nil {`
			`dlog.Fatal(err)`
			`}`
Keep the process running in foreground to avoid a breaking change/allow monitoring This currently doesn't replace the previous process. Maybe there is a way to achieve this in Go. Need to look closer at os.exec Also start-child -> child 2018-06-13 17:24:16 +02:00			`path, err := filepath.Abs(execPath)`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`if err != nil {`
			`dlog.Fatal(err)`
			`}`

Ping the service manager early Maybe fixes #548 (untested) 2018-07-19 19:03:57 +02:00			`ServiceManagerReadyNotify()`
Of course, dropping privileges breaks with systemd sockets 2018-07-07 17:21:21 +02:00
Keep the process running in foreground to avoid a breaking change/allow monitoring This currently doesn't replace the previous process. Maybe there is a way to achieve this in Go. Need to look closer at os.exec Also start-child -> child 2018-06-13 17:24:16 +02:00			`args = append(args, "-child")`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00
			`dlog.Notice("Dropping privileges")`
Forget about the supervisor, and use syscall.Exec() 2018-10-03 16:05:07 +02:00			`runtime.LockOSThread()`
			`if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGROUPS, uintptr(0), uintptr(0), 0); rcode != 0 {`
			`dlog.Fatalf("Unable to drop additional groups: %s", err)`
			`}`
			`if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0); rcode != 0 {`
			`dlog.Fatalf("Unable to drop user privileges: %s", err)`
			`}`
			`if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0); rcode != 0 {`
			`dlog.Fatalf("Unable to drop user privileges: %s", err)`
			`}`
			`maxfd := uintptr(0)`
			`for _, fd := range fds {`
			`if fd.Fd() > maxfd {`
			`maxfd = fd.Fd()`
			`}`
			`}`
			`fdbase := maxfd + 1`
			`for i, fd := range fds {`
			`if _, _, rcode := syscall.RawSyscall(syscall.SYS_DUP2, fd.Fd(), fdbase+uintptr(i), 0); rcode != 0 {`
			`dlog.Fatal("Unable to clone file descriptor")`
			`}`
			`if _, _, rcode := syscall.RawSyscall(syscall.SYS_FCNTL, fd.Fd(), syscall.F_SETFD, syscall.FD_CLOEXEC); rcode != 0 {`
			`dlog.Fatal("Unable to set the close on exec flag")`
			`}`
			`}`
			`for i := range fds {`
			`if _, _, rcode := syscall.RawSyscall(syscall.SYS_DUP2, fdbase+uintptr(i), uintptr(i)+3, 0); rcode != 0 {`
			`dlog.Fatal("Unable to reassign descriptor")`
Automatically restart after unexpected errors 2018-07-01 23:06:28 +02:00			`}`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`}`
Forget about the supervisor, and use syscall.Exec() 2018-10-03 16:05:07 +02:00			`syscall.Exec(path, args, os.Environ())`
			`dlog.Fatalf("Unable to reexecute [%s]", path)`
			`os.Exit(1)`
Drop privileges with exec (#467) * Drop privileges with exec and SysProcAttr * Fix windows build * Fix passing logfile fd 2018-06-13 16:52:41 +02:00			`}`