reapply changes for the built-in drop-privs support by tsarna.

this commit doesn't reapply "dumping of the unicast server list to the DumpStateLog debugging output" enhancement. It doesn't build anymore, no idea how to rewrite. Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.
2023-05-27 17:58:58 +00:00 · 2023-05-27 17:58:58 +00:00 · 95bdbe7c60
parent d42b5bde34
commit 95bdbe7c60
1 changed files with 16 additions and 2 deletions
--- a/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c
+++ b/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c
@ -50,6 +50,10 @@ extern int daemon(int, int);
 #include "PlatformCommon.h"
 #include "DNSCommon.h"

+#ifndef MDNSD_USER
+#define MDNSD_USER "nobody"
+#endif
+
 #define CONFIG_FILE "/etc/mdnsd.conf"
 static domainname DynDNSZone;                // Default wide-area zone for service registration
 static domainname DynDNSHostname;
@ -190,11 +194,21 @@ int main(int argc, char **argv)
    // Now that we're finished with anything privileged, switch over to running as "nobody"
    if (mStatus_NoError == err)
    {
-        const struct passwd *pw = getpwnam("nobody");
+        const struct passwd *pw = getpwnam(MDNSD_USER);
        if (pw != NULL)
+	{
+            setgid(pw->pw_gid);
            setuid(pw->pw_uid);
+	}
        else
-            LogMsg("WARNING: mdnsd continuing as root because user \"nobody\" does not exist");
+#ifdef MDNSD_NOROOT
+        {
+            LogMsg("WARNING: mdnsd exiting because user \""MDNSD_USER"\" does not exist");
+            err = mStatus_Invalid;
+        }
+#else
+            LogMsg("WARNING: mdnsd continuing as root because user \""MDNSD_USER"\" does not exist");
+#endif
    }

    if (mStatus_NoError == err)