re-do do_root_trust_anchor_update() function
This function is doing the update of auto-trust-anchor
root.key in unbound directory from the file provided by
dns-root-data. We should update it only if unbound did
not do it already, having a more recent version. And
we should do it in a way to ensure the new file is copied
in full before it is being used (#989959).
So first verify if this file in unbound dir is not more
recent than the one provided by dns-root-data.
And next, copy the file being updated to a temp file and
mv it into place only when done.
Use the setpriv utility for this instead of doing things as
root in an untrusted directory, to eliminate the possibility
of unbound=>root privilege escalation.
Michael Tokarev
2 years ago
72 | 72 | } |
73 | 73 | |
74 | 74 | do_root_trust_anchor_update() { |
75 | if [ false != "$ROOT_TRUST_ANCHOR_UPDATE" \ | |
76 | -a -n "$ROOT_TRUST_ANCHOR_FILE" \ | |
77 | -a -r "$DNS_ROOT_KEY_FILE" ]; then | |
78 | if ! cmp -s "$ROOT_TRUST_ANCHOR_FILE" "$DNS_ROOT_KEY_FILE" ; then | |
79 | echo "Updating $ROOT_TRUST_ANCHOR_FILE from $DNS_ROOT_KEY_FILE" | |
80 | install -m 0644 -o unbound -g unbound "$DNS_ROOT_KEY_FILE" "$ROOT_TRUST_ANCHOR_FILE" | |
81 | fi | |
75 | [ false != "$ROOT_TRUST_ANCHOR_UPDATE" -a \ | |
76 | -n "$ROOT_TRUST_ANCHOR_FILE" -a \ | |
77 | -r "$DNS_ROOT_KEY_FILE" ] || return | |
78 | ||
79 | if [ ! -e "$ROOT_TRUST_ANCHOR_FILE" ] || | |
80 | # we do not want to copy if unbound's file is more recent | |
81 | [ "$DNS_ROOT_KEY_FILE" -nt "$ROOT_TRUST_ANCHOR_FILE" ]; then | |
82 | ||
83 | echo "Updating $ROOT_TRUST_ANCHOR_FILE from $DNS_ROOT_KEY_FILE" | |
84 | # Copy to temp first and do mv only when done to ensure the file is in | |
85 | # good condition. Can use install(1) here to set correct owner but need | |
86 | # mv anyway, and doing both as root in an untrusted dir seems risky. | |
87 | setpriv --reuid=unbound --regid=unbound --clear-groups \ | |
88 | sh -c "\ | |
89 | cp --remove-destination --preserve \ | |
90 | \"$DNS_ROOT_KEY_FILE\" \"$ROOT_TRUST_ANCHOR_FILE.tmp\" && \ | |
91 | mv -f \"$ROOT_TRUST_ANCHOR_FILE.tmp\" \"$ROOT_TRUST_ANCHOR_FILE\"" | |
82 | 92 | fi |
83 | 93 | } |
84 | 94 |
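Review bot: The `sh -c` string on new lines 88-91 is built by expanding `$DNS_ROOT_KEY_FILE` and `$ROOT_TRUST_ANCHOR_FILE` in the outer shell, so the inner shell re-parses the path text and a `"`, `$` or backquote in either value would be read as shell syntax rather than as part of the file name. Passing the paths as positional parameters keeps them as data: `sh -c 'cp --remove-destination --preserve "$1" "$2.tmp" && mv -f "$2.tmp" "$2"' sh "$DNS_ROOT_KEY_FILE" "$ROOT_TRUST_ANCHOR_FILE"`. The command already runs as unbound via setpriv, so this is a robustness point rather than a root-level one. Separately, the bare `return` on new line 77 propagates the failed test's non-zero status, whereas the old `if` form returned 0 when the update was disabled; if the caller runs under `set -e` or checks the status (not visible here), `|| return 0` would keep the previous behaviour.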