Of course, things have to be different on Linux

2025-01-04 01:19:46 +01:00 · 2019-09-07 16:45:11 +02:00 · 2019-09-07 16:45:11 +02:00 · 3e10fc917f
commit 3e10fc917f
parent 5c9c20c974
2 changed files with 91 additions and 2 deletions
--- a/dnscrypt-proxy/privilege_linux.go
+++ b/dnscrypt-proxy/privilege_linux.go
@ -0,0 +1,89 @@
+package main
+
+import (
+	"os"
+	"os/exec"
+	"os/user"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+
+	"github.com/jedisct1/dlog"
+)
+
+func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
+	currentUser, err := user.Current()
+	if err != nil && currentUser.Uid != "0" {
+		dlog.Fatal("Root privileges are required in order to switch to a different user. Maybe try again with 'sudo'")
+	}
+	userInfo, err := user.Lookup(userStr)
+	args := os.Args
+
+	if err != nil {
+		uid, err2 := strconv.Atoi(userStr)
+		if err2 != nil || uid <= 0 {
+			dlog.Fatalf("Unable to retrieve any information about user [%s]: [%s] - Remove the user_name directive from the configuration file in order to avoid identity switch", userStr, err)
+		}
+		dlog.Warnf("Unable to retrieve any information about user [%s]: [%s] - Switching to user id [%v] with the same group id, as [%v] looks like a user id. But you should remove or fix the user_name directive in the configuration file if possible", userStr, err, uid, uid)
+		userInfo = &user.User{Uid: userStr, Gid: userStr}
+	}
+	uid, err := strconv.Atoi(userInfo.Uid)
+	if err != nil {
+		dlog.Fatal(err)
+	}
+	gid, err := strconv.Atoi(userInfo.Gid)
+	if err != nil {
+		dlog.Fatal(err)
+	}
+	execPath, err := exec.LookPath(args[0])
+	if err != nil {
+		dlog.Fatalf("Unable to get the path to the dnscrypt-proxy executable file: [%s]", err)
+	}
+	path, err := filepath.Abs(execPath)
+	if err != nil {
+		dlog.Fatal(err)
+	}
+
+	ServiceManagerReadyNotify()
+
+	args = append(args, "-child")
+
+	dlog.Notice("Dropping privileges")
+
+	runtime.LockOSThread()
+	if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGROUPS, uintptr(0), uintptr(0), 0); rcode != 0 {
+		dlog.Fatalf("Unable to drop additional groups: [%s]", rcode.Error())
+	}
+	if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0); rcode != 0 {
+		dlog.Fatalf("Unable to drop group privileges: [%s]", rcode.Error())
+	}
+	if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0); rcode != 0 {
+		dlog.Fatalf("Unable to drop user privileges: [%s]", rcode.Error())
+	}
+	maxfd := uintptr(0)
+	for _, fd := range fds {
+		if fd.Fd() > maxfd {
+			maxfd = fd.Fd()
+		}
+	}
+	fdbase := maxfd + 1
+	for i, fd := range fds {
+		if err := unix.Dup2(int(fd.Fd()), int(fdbase+uintptr(i))); err != nil {
+			dlog.Fatalf("Unable to clone file descriptor: [%s]", err)
+		}
+		if _, err := unix.FcntlInt(fd.Fd(), unix.F_SETFD, unix.FD_CLOEXEC); err != nil {
+			dlog.Fatalf("Unable to set the close on exec flag: [%s]", err)
+		}
+	}
+	for i := range fds {
+		if err := unix.Dup2(int(fdbase+uintptr(i)), int(i)+3); err != nil {
+			dlog.Fatalf("Unable to reassign descriptor: [%s]", err)
+		}
+	}
+	err = unix.Exec(path, args, os.Environ())
+	dlog.Fatalf("Unable to reexecute [%s]: [%s]", path, err)
+	os.Exit(1)
+}
--- a/dnscrypt-proxy/privilege_others.go
+++ b/dnscrypt-proxy/privilege_others.go
@ -1,4 +1,4 @@
-// +build !windows
+// +build !windows,!linux

 package main

@ -59,7 +59,7 @@ func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
 		dlog.Fatalf("Unable to drop additional groups: %s", err)
 	}
 	if err := unix.Setgid(gid); err != nil {
-		dlog.Fatalf("Unable to drop user privileges: %s", err)
+		dlog.Fatalf("Unable to drop group privileges: %s", err)
 	}
 	if err := unix.Setuid(uid); err != nil {
 		dlog.Fatalf("Unable to drop user privileges: %s", err)