[Dnsmasq-discuss] 2.43rc6
Simon Kelley
simon at thekelleys.org.uk
Fri Jul 11 09:18:56 BST 2008
Gilles Espinasse wrote:
> ----- Original Message -----
> From: "Simon Kelley" <simon at thekelleys.org.uk>
> To: "dnsmasq discussion list" <dnsmasq-discuss at lists.thekelleys.org.uk>
> Sent: Thursday, July 10, 2008 6:03 PM
> Subject: [Dnsmasq-discuss] 2.43rc6
>
>
>> It's looking good. One last change (hopes!) This adds a config option
>>
> dnsmasq behaves differently (unrelated to randomized ports) when no user is
> specified.
> I think users should be warned to check how they want to run dnsmasq.
> This is with kernel 2.4.36.
>
> root at ipcop:~ # dnsmasq --version
> Dnsmasq version 2.38 Copyright (C) 2000-2007 Simon Kelley
> Compile time options no-IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
>
> netstat -anpe | grep dnsmasq
> tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 333850 29165/dnsmasq
> udp 0 0 0.0.0.0:1025 0.0.0.0:* 103 333856 29165/dnsmasq
> udp 0 0 0.0.0.0:53 0.0.0.0:* 0 333849 29165/dnsmasq
> unix 2 [ ] DGRAM 333854 29165/dnsmasq
>
> dnsmasq runs as user 103.
>
> dnsmasq --version
> Dnsmasq version 2.43rc6 Copyright (C) 2000-2008 Simon Kelley
> Compile time options no-IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
> netstat -anpe | grep dnsmasq
> tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 13473 1127/dnsmasq
> udp 0 0 0.0.0.0:53 0.0.0.0:* 0 13472 1127/dnsmasq
> unix 2 [ ] DGRAM 13478 1127/dnsmasq
>
> Same script, but dnsmasq runs as user 0.
This made me scratch my head for a while, but I have the explanation
now. The uids shown by netstat are the uid of the process which created
the socket _when_it_was_created_. You can see in the first example that
the port 53 udp and tcp sockets show uid 0. They were created before
dnsmasq dropped root (they have to be, to bind a low port). The third
socket in the first example is the socket dnsmasq uses to talk to the
upstream server, which is created after dnsmasq drops root and so shows
uid 103.
The difference in the second example is that the third socket is just
missing. That's expected: to use random source ports dnsmasq now creates
such sockets on the fly. If you could catch dnsmasq whilst it was
active, you'd see one or more udp sockets.
Just to reiterate, the behaviour of dnsmasq when started as root and
without a configured user is still (nearly) the same. It changes to user
"nobody". The only difference is that version 2.42 and below would
continue to run as root if the change-uid process failed, whilst logging
a polite message. Version 2.43 fails to start with an error if that happens.
Cheers,
Simon.
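To make the point about the netstat uid column checkable, here is an added Python example (not from this thread and not dnsmasq code) that parses /proc/net/udp-style lines, the kernel table netstat -e reads, and flags any non-service socket still owned by uid 0 after the daemon should have dropped root. The sample lines are constructed to mirror the output quoted above.

```python
"""Interpret socket ownership as netstat -e and /proc/net/{udp,tcp} report it.

The uid column is the uid of the creating process at creation time: a daemon
that binds :53 as root and then drops privileges shows uid 0 on the port-53
sockets and the unprivileged uid on every socket it opens afterwards.
"""
import socket
import struct

# Constructed sample in /proc/net/udp layout (uid at index 7, inode at index 9);
# values mirror the thread's netstat output and are not captured data.
SAMPLE_DROPPED = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 333849 2 0000000000000000 0
   1: 00000000:0401 00000000:0000 07 00000000:00000000 00:00000000 00000000   103        0 333856 2 0000000000000000 0
"""

# Constructed sample of the failure case: the upstream socket was created while
# still root (uid 0 on the ephemeral port) and a loopback listener for variety.
SAMPLE_STILL_ROOT = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 13472 2 0000000000000000 0
   1: 00000000:0401 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 13479 2 0000000000000000 0
"""

def parse_proc_net(text):
    """Return one dict (ip, port, uid, inode) per socket line, skipping the header."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # /proc/net stores the IPv4 address as host-order hex (little-endian on x86),
        # so unpack the 32-bit value with "<I" before converting to dotted quad.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        sockets.append({"ip": ip, "port": int(hex_port, 16),
                        "uid": int(fields[7]), "inode": int(fields[9])})
    return sockets

def check_privilege_drop(sockets, service_ports=(53,)):
    """Return sockets that contradict the bind-as-root-then-drop pattern.

    Service ports are expected to be uid 0 (bound before the drop). Any other
    socket still owned by uid 0 was created while the daemon was root, which
    means the uid change never happened or silently failed.
    """
    return [s for s in sockets if s["port"] not in service_ports and s["uid"] == 0]
```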