Bug 217 - setreuid and setregid broken under OS X/Darwin
setreuid and setregid broken under OS X/Darwin
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
unspecified
Other other
: P2 normal
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-07 05:03 CET by Geoffrey Sisson
Modified: 2008-11-07 10:44 CET (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Geoffrey Sisson 2008-11-07 05:03:47 CET
setreuid and setregid are broken on OX X/Darwin, at least in 10.4.x.  Attempts to start unbound (version r1335) fail with the message:

  fatal error: unable to set group id of unbound: Operation not permitted

Calls to setreuid/setregid compile okay, so 'configure' sets HAVE_SETREUID to 1 and HAVE_SETREGID to 1 in config.h.  Naturally configure cannot do a proper runtime test as these functions must be called as root.  Some other test is needed to ensure that setreuid and setregid are not used on OS X.  unbound works fine when compiled with HAVE_SETREUID and HAVE_SETREGID unset in config.h

Here's a program that demonstrates the problem with setreuid and setregid:

------------------------ Begin included text ------------------------

// Fails under OS X (10.4.x)

#include <stdio.h>
#include <unistd.h>
#include <errno.h>

int
main(int argc, char *argv[])
{
        gid_t gid = 1;
        uid_t uid = 1;

        if (setregid(gid, gid) != 0)
                printf("unable to set gid: %s\n", strerror(errno));

        if (setreuid(uid, uid) != 0)
                printf("unable to set uid: %s\n", strerror(errno));
}

------------------------- End included text -------------------------
Comment 1 Wouter Wijngaards 2008-11-07 10:13:21 CET
Thank you for the example program.
The bug happens on 10.4 (uname darwin8), but not 10.5 (uname darwin9).
Comment 2 Wouter Wijngaards 2008-11-07 10:44:59 CET
Fixed in svn trunk r1337.
(The leet'est fix for unbound :-) )