Drop privileges

5 years ago · 00cab788b8
parent e31363e926
commit 00cab788b8
5 changed files with 40 additions and 2 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -18,6 +18,7 @@ libsodium-sys="0.2.4"
 log = "0.4.8"
 net2 = "0.2.33"
 parking_lot = "0.9.0"
+privdrop = "0.3.3"
 rand = "0.7.2"
 serde = "1.0.101"
 serde_derive = "1.0.101"
--- a/encrypted-dns.toml
+++ b/encrypted-dns.toml
@ -12,7 +12,7 @@

 ## IP addresses and ports to listen to

-listen_addrs = ["127.0.0.1:4443"]
+listen_addrs = ["127.0.0.1:4443", "[::1]:4443"]


 ## IP address to connect to upstream servers from
@ -50,6 +50,21 @@ udp_max_active_connections = 1000
 tcp_max_active_connections = 100


+## User name to drop privileges to, when started as root.
+
+# user = "nobody"
+
+
+## Group name to drop privileges to, when started as root.
+
+# group = "nobody"
+
+
+## Path to chroot() to, when started as root.
+
+# chroot = "/tmp"
+
+

 ####################################
 #         DNSCrypt settings        #
@ -71,4 +86,4 @@ provider_name = "secure.dns.test"

 ## Where to prooxy TLS connections to (e.g. DoH server)

-# upstream_addr = "127.0.0.1:4343"
+# upstream_addr = "127.0.0.1:4343"
--- a/src/config.rs
+++ b/src/config.rs
@ -26,6 +26,9 @@ pub struct Config {
    pub tcp_timeout: u32,
    pub udp_max_active_connections: u32,
    pub tcp_max_active_connections: u32,
+    pub user: Option<String>,
+    pub group: Option<String>,
+    pub chroot: Option<String>,
    pub dnscrypt: DNSCryptConfig,
    pub tls: TLSConfig,
 }
--- a/src/errors.rs
+++ b/src/errors.rs
@ -1,4 +1,5 @@
 pub use failure::{bail, ensure, Error};
+use privdrop::PrivDropError;
 use std::io;
 use std::net::AddrParseError;

@ -10,4 +11,6 @@ pub enum ProxyError {
    Io(#[cause] io::Error),
    #[fail(display = "Unable to parse address: [{}]", _0)]
    AddrParseError(#[cause] AddrParseError),
+    #[fail(display = "Privilege drop error: [{}]", _0)]
+    PrivDrop(#[cause] PrivDropError),
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -42,6 +42,7 @@ use failure::{bail, ensure};
 use futures::join;
 use futures::prelude::*;
 use parking_lot::Mutex;
+use privdrop::PrivDrop;
 use rand::prelude::*;
 use std::collections::vec_deque::VecDeque;
 use std::convert::TryFrom;
@ -436,6 +437,21 @@ fn main() -> Result<(), Error> {
    let mut runtime_builder = tokio::runtime::Builder::new();
    runtime_builder.name_prefix("encrypted-dns-");
    let runtime = Arc::new(runtime_builder.build()?);
+
+    let mut pd = PrivDrop::default();
+    if let Some(user) = &config.user {
+        pd = pd.user(user);
+    }
+    if let Some(group) = &config.group {
+        pd = pd.group(group);
+    }
+    if let Some(chroot) = &config.chroot {
+        pd = pd.chroot(chroot);
+    }
+    if config.user.is_some() || config.group.is_some() || config.chroot.is_some() {
+        info!("Dropping privileges");
+        pd.apply()?;
+    }
    let globals = Arc::new(Globals {
        runtime: runtime.clone(),
        dnscrypt_encryption_params_set: vec![dnscrypt_encryption_params],