[Opendnssec-commits] matthijs r6941 - in trunk/OpenDNSSEC/signer: doc src/daemon

commits at svn.opendnssec.org commits at svn.opendnssec.org
Thu Jan 10 17:03:11 CET 2013


Author: matthijs
Date: Thu Jan 10 17:03:11 2013
New Revision: 6941
URL: http://fisheye.opendnssec.org/changelog/opendnssec?cs=6941

Log:
SUPPORT-44: Drop privs after bind socket

Modified:
   trunk/OpenDNSSEC/signer/doc/Changelog
   trunk/OpenDNSSEC/signer/src/daemon/engine.c

Modified: trunk/OpenDNSSEC/signer/doc/Changelog
==============================================================================
--- trunk/OpenDNSSEC/signer/doc/Changelog	Thu Jan 10 16:51:15 2013	(r6940)
+++ trunk/OpenDNSSEC/signer/doc/Changelog	Thu Jan 10 17:03:11 2013	(r6941)
@@ -1,3 +1,7 @@
+10 January 2012: Matthijs
+- OPENDNSSEC-350: Improve logging when there are problems with inbound xfr
+- SUPPORT-44: bind() to sockets before privdrop
+
 10 December 2012: Matthijs
 - Better TSIG logging and documentation, return NOTAUTH on TSIG error.
 

Modified: trunk/OpenDNSSEC/signer/src/daemon/engine.c
==============================================================================
--- trunk/OpenDNSSEC/signer/src/daemon/engine.c	Thu Jan 10 16:51:15 2013	(r6940)
+++ trunk/OpenDNSSEC/signer/src/daemon/engine.c	Thu Jan 10 17:03:11 2013	(r6941)
@@ -503,6 +503,8 @@
         engine->xfrhandler->dnshandler.fd = sockets[0];
         engine->dnshandler->xfrhandler.fd = sockets[1];
     }
+    /* start dns handler */
+    engine_start_dnshandler(engine);
     /* privdrop */
     engine->uid = privuid(engine->config->username);
     engine->gid = privgid(engine->config->group);
@@ -568,13 +570,12 @@
     if (result != HSM_OK) {
         return ODS_STATUS_HSM_ERR;
     }
+    /* start cmd/xfr handlers */
+    engine_start_cmdhandler(engine);
+    engine_start_xfrhandler(engine);
     /* create workers/drudgers */
     engine_create_workers(engine);
     engine_create_drudgers(engine);
-    /* start cmd/dns/xfr handlers */
-    engine_start_cmdhandler(engine);
-    engine_start_dnshandler(engine);
-    engine_start_xfrhandler(engine);
     tsig_handler_init(engine->allocator);
     /* write pidfile */
     if (util_write_pidfile(engine->config->pid_filename, engine->pid) == -1) {



More information about the Opendnssec-commits mailing list