[Dnsmasq-discuss] 2.43rc6

Simon Kelley simon at thekelleys.org.uk
Fri Jul 11 09:18:56 BST 2008


Gilles Espinasse wrote:
> ----- Original Message ----- 
> From: "Simon Kelley" <simon at thekelleys.org.uk>
> To: "dnsmasq discussion list" <dnsmasq-discuss at lists.thekelleys.org.uk>
> Sent: Thursday, July 10, 2008 6:03 PM
> Subject: [Dnsmasq-discuss] 2.43rc6
> 
> 
>> It's looking good. One last change (hopes!) This adds a config option
>>
> dnsmasq behaves differently (unrelated to randomized ports) when no user is
> specified.
> I think users should be warned to check how they want to run dnsmasq.
> This is with kernel 2.4.36.
> 
> root at ipcop:~ # dnsmasq --version
> Dnsmasq version 2.38  Copyright (C) 2000-2007 Simon Kelley
> Compile time options no-IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
> 
> netstat -anpe | grep dnsmasq
> tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      0          333850     29165/dnsmasq
> udp        0      0 0.0.0.0:1025            0.0.0.0:*                           103        333856     29165/dnsmasq
> udp        0      0 0.0.0.0:53              0.0.0.0:*                           0          333849     29165/dnsmasq
> unix  2      [ ]         DGRAM                    333854 29165/dnsmasq
> 
> dnsmasq runs as user 103
> 
> dnsmasq --version
> Dnsmasq version 2.43rc6  Copyright (C) 2000-2008 Simon Kelley
> Compile time options no-IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
> netstat -anpe | grep dnsmasq
> tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      0          13473      1127/dnsmasq
> udp        0      0 0.0.0.0:53              0.0.0.0:*                           0          13472      1127/dnsmasq
> unix  2      [ ]         DGRAM                    13478  1127/dnsmasq
> 
> Same script, but dnsmasq runs as user 0

This made me scratch my head for a while, but I have the explanation
now. The uids shown by netstat are the uid of the process which created
the socket _when_it_was_created_. You can see in the first example that
the port 53 udp and tcp sockets show uid 0. They were created before
dnsmasq dropped root (they have to be, to bind a low port). The third
socket in the first example is the socket dnsmasq uses to talk to the
upstream server, which is created after dnsmasq drops root and so shows
uid 103.

The difference in the second example is that the third socket is just
missing. That's expected: to use random source ports dnsmasq now creates
such sockets on the fly. If you could catch dnsmasq whilst it was
active, you'd see one or more udp sockets.

Just to reiterate, the behaviour of dnsmasq when started as root and
without a configured user is still (nearly) the same. It changes to user
"nobody". The only difference is that version 2.42 and below would
continue to run as root if the change-uid process failed, whilst logging
a polite message. Version 2.43 fails to start with an error if that happens.


Cheers,

Simon.
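
Added example, not part of the original message and not dnsmasq code: a small check that reads the socket-creator uid from `netstat -anpe` rows and compares it with the process's current uids from `/proc/<pid>/status`, since only the latter shows whether root was dropped. The netstat rows are the 2.38 output quoted above; the status excerpt and the function names are constructed for illustration.

```python
import re

# netstat -anpe rows from the 2.38 example in the message (wrapped lines joined).
NETSTAT_SAMPLE = """\
tcp   0  0 0.0.0.0:53    0.0.0.0:*  LISTEN  0    333850  29165/dnsmasq
udp   0  0 0.0.0.0:1025  0.0.0.0:*          103  333856  29165/dnsmasq
udp   0  0 0.0.0.0:53    0.0.0.0:*          0    333849  29165/dnsmasq
"""

# Constructed /proc/29165/status excerpt (assumed: the process now runs as uid 103).
STATUS_SAMPLE = "Name:\tdnsmasq\nUid:\t103\t103\t103\t103\nGid:\t103\t103\t103\t103\n"


def parse_netstat(text):
    """Return [(proto, local_port, creator_uid, pid)] for tcp/udp rows."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] not in ("tcp", "udp") or "/" not in f[-1]:
            continue
        # UDP rows have no State column, so index User/Inode/PID from the end.
        port = int(f[3].rsplit(":", 1)[1])
        creator_uid = int(f[-3])          # numeric because of netstat -n
        pid = int(f[-1].split("/", 1)[0])
        rows.append((f[0], port, creator_uid, pid))
    return rows


def process_uids(status_text):
    """Return (real, effective, saved, fs) uids from /proc/<pid>/status text."""
    m = re.search(r"^Uid:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", status_text, re.M)
    if m is None:
        raise ValueError("no Uid: line in status text")
    return tuple(int(x) for x in m.groups())


def audit(netstat_text, status_text):
    """Return (process_is_root, [(proto, port, creator_uid, phase)])."""
    is_root = 0 in process_uids(status_text)
    report = []
    for proto, port, creator, _pid in parse_netstat(netstat_text):
        # Creator uid 0 on a process that no longer holds uid 0 means the socket
        # was opened before the uid change, like the port 53 listeners above.
        phase = "before-drop" if creator == 0 and not is_root else "current-uid"
        report.append((proto, port, creator, phase))
    return is_root, report


if __name__ == "__main__":
    root, report = audit(NETSTAT_SAMPLE, STATUS_SAMPLE)
    print("process holds uid 0:", root)
    for row in report:
        print(*row)
```

On a live host, pass the real `netstat -anpe` output and the contents of `/proc/<pid>/status` for the dnsmasq PID in place of the two samples.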





