re-do do_root_trust_anchor_update() function
This function is doing the update of auto-trust-anchor
root.key in unbound directory from the file provided by
dns-root-data. We should update it only if unbound did
not do it already, having a more recent version. And
we should do it in a way to ensure the new file is copied
in full before it is being used (#989959).
So first verify if this file in unbound dir is not more
recent than the one provided by dns-root-data.
And next, copy the file being updated to a temp file and
mv it into place only when done.
Use setpriv utility for this instead of doing things as
root in an untrusted directory to eliminate a possibility
for unbound=>root privilege escalations.
Michael Tokarev
2 years ago
| 72 | 72 | } |
| 73 | 73 | |
| 74 | 74 | do_root_trust_anchor_update() { |
| 75 | if [ false != "$ROOT_TRUST_ANCHOR_UPDATE" \ | |
| 76 | -a -n "$ROOT_TRUST_ANCHOR_FILE" \ | |
| 77 | -a -r "$DNS_ROOT_KEY_FILE" ]; then | |
| 78 | if ! cmp -s "$ROOT_TRUST_ANCHOR_FILE" "$DNS_ROOT_KEY_FILE" ; then | |
| 79 | echo "Updating $ROOT_TRUST_ANCHOR_FILE from $DNS_ROOT_KEY_FILE" | |
| 80 | install -m 0644 -o unbound -g unbound "$DNS_ROOT_KEY_FILE" "$ROOT_TRUST_ANCHOR_FILE" | |
| 81 | fi | |
| 75 | [ false != "$ROOT_TRUST_ANCHOR_UPDATE" -a \ | |
| 76 | -n "$ROOT_TRUST_ANCHOR_FILE" -a \ | |
| 77 | -r "$DNS_ROOT_KEY_FILE" ] || return | |
| 78 | ||
| 79 | if [ ! -e "$ROOT_TRUST_ANCHOR_FILE" ] || | |
| 80 | # we do not want to copy if unbound's file is more recent | |
| 81 | [ "$DNS_ROOT_KEY_FILE" -nt "$ROOT_TRUST_ANCHOR_FILE" ]; then | |
| 82 | ||
| 83 | echo "Updating $ROOT_TRUST_ANCHOR_FILE from $DNS_ROOT_KEY_FILE" | |
| 84 | # Copy to temp first and do mv only when done to ensure the file is in | |
| 85 | # good condition. Can use install(1) here to set correct owner but need | |
| 86 | # mv anyway, and doing both as root in an untrusted dir seems risky. | |
| 87 | setpriv --reuid=unbound --regid=unbound --clear-groups \ | |
| 88 | sh -c "\ | |
| 89 | cp --remove-destination --preserve \ | |
| 90 | \"$DNS_ROOT_KEY_FILE\" \"$ROOT_TRUST_ANCHOR_FILE.tmp\" && \ | |
| 91 | mv -f \"$ROOT_TRUST_ANCHOR_FILE.tmp\" \"$ROOT_TRUST_ANCHOR_FILE\"" | |
| 82 | 92 | fi |
| 83 | 93 | } |
| 84 | 94 |