reuseport does not combine well with setuid= #1715

Open
rubenk opened this Issue Sep 16, 2014 · 6 comments

Projects

None yet

4 participants

@rubenk
Contributor
rubenk commented Sep 16, 2014

I have setuid=pdns, setgid=pdnsin my config

This results in:

/usr/sbin/pdns_server --daemon=no --guardian=no --reuseport=yes
Sep 16 13:31:31 Reading random entropy from '/dev/urandom'
Sep 16 13:31:31 This is a standalone pdns
Sep 16 13:31:31 Listening on controlsocket in '/var/run/pdns.controlsocket'
Sep 16 13:31:31 UDP server bound to 127.0.0.1:53
Sep 16 13:31:31 TCP server bound to 127.0.0.1:53
Sep 16 13:31:31 PowerDNS Authoritative Server UNKNOWN (mockbuild@dev-ruben.tilaa.nl) (C) 2001-2014 PowerDNS.COM BV
Sep 16 13:31:31 Using 64-bits mode. Built on 20140915211512 by mockbuild@dev-ruben.tilaa.nl, gcc 4.4.7 20120313 (Red Hat 4.4.7-4).
Sep 16 13:31:31 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Sep 16 13:31:31 Creating backend connection for TCP
Sep 16 13:31:31 About to create 3 backend threads for UDP
Sep 16 13:31:31 About to create 3 backend threads for UDP
Sep 16 13:31:31 About to create 3 backend threads for UDP
Sep 16 13:31:31 About to create 3 backend threads for UDP
Sep 16 13:31:32 Done launching threads, ready to distribute questions
Sep 16 13:31:32 Done launching threads, ready to distribute questions
Sep 16 13:31:32 binding UDP socket to '127.0.0.1:53: Permission denied
Sep 16 13:31:32 Done launching threads, ready to distribute questions
Sep 16 13:31:32 Done launching threads, ready to distribute questions
terminate called after throwing an instance of 'PDNSException'
Sep 16 13:31:32 Got a signal 6, attempting to print trace: 
Sep 16 13:31:32 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 13:31:32 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 13:31:32 Got a signal 6, attempting to print trace: 
Sep 16 13:31:32 Got a signal 6, attempting to print trace: 
Sep 16 13:31:32 /usr/sbin/pdns_server() [0x50391e]
Sep 16 13:31:32 /lib64/libc.so.6(+0x326b0) [0x7f8c5c1d06b0]
Sep 16 13:31:32 /lib64/libc.so.6(gsignal+0x35) [0x7f8c5c1d0635]
Sep 16 13:31:32 /lib64/libc.so.6(abort+0x175) [0x7f8c5c1d1e15]
Sep 16 13:31:32 /usr/lib64/libstdc++.so.6(_ZN9__gnu_cxx27__verbose_terminate_handlerEv+0x12d) [0x7f8c5cca7a5d]
Sep 16 13:31:32 /usr/lib64/libstdc++.so.6(+0xbcbe6) [0x7f8c5cca5be6]
Sep 16 13:31:32 /usr/lib64/libstdc++.so.6(+0xbcc13) [0x7f8c5cca5c13]
Sep 16 13:31:32 /usr/lib64/libstdc++.so.6(+0xbcd0e) [0x7f8c5cca5d0e]
Sep 16 13:31:32 /usr/sbin/pdns_server(_ZN13UDPNameserver8bindIPv4Ev+0x791) [0x48c341]
Sep 16 13:31:32 /usr/sbin/pdns_server(_ZN13UDPNameserverC2Eb+0xde) [0x48d07e]
Sep 16 13:31:32 /usr/sbin/pdns_server(_Z7qthreadPv+0x332) [0x542ed2]
Sep 16 13:31:32 /lib64/libpthread.so.0(+0x79d1) [0x7f8c5c5399d1]
Sep 16 13:31:32 /lib64/libc.so.6(clone+0x6d) [0x7f8c5c28686d]
Aborted

Each thread does its own bind now, and since privileges are dropped, they can't bind to port 53.

@Habbie Habbie added this to the auth-3.4.0 milestone Sep 16, 2014
@Habbie Habbie changed the title from reuseport combined with unprivileged user doesn't work to reuseport combined with unprivileged user crashes harder than is necessary Sep 16, 2014
@rubenk
Contributor
rubenk commented Sep 16, 2014

Some more info at loglevel 9

Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
terminate called after throwing an instance of 'PDNSException'
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
terminate called recursively
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
Sep 16 16:02:54 Done launching threads, ready to distribute questions
terminate called recursively
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
terminate called recursively
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
Sep 16 16:02:54 binding UDP socket to '127.0.0.1:53: Permission denied
terminate called recursively
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Got a signal 6, attempting to print trace: 
Sep 16 16:02:54 Done launching threads, ready to distribute questions
Sep 16 16:02:54 Starting new listen thread on the same IPs/ports using SO_REUSEPORT
Sep 16 16:02:54 /usr/sbin/pdns_server() [0x50391e]
Sep 16 16:02:54 /lib64/libc.so.6(+0x326b0) [0x7fa4206cd6b0]
Sep 16 16:02:54 /lib64/libc.so.6(gsignal+0x35) [0x7fa4206cd635]
Sep 16 16:02:54 /lib64/libc.so.6(abort+0x175) [0x7fa4206cee15]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(_ZN9__gnu_cxx27__verbose_terminate_handlerEv+0x41) [0x7fa4211a4971]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(+0xbcbe6) [0x7fa4211a2be6]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(+0xbcc13) [0x7fa4211a2c13]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(+0xbcd0e) [0x7fa4211a2d0e]
Sep 16 16:02:54 /usr/sbin/pdns_server(_ZN13UDPNameserver8bindIPv4Ev+0x791) [0x48c341]
Sep 16 16:02:54 /usr/sbin/pdns_server(_ZN13UDPNameserverC2Eb+0xde) [0x48d07e]
Sep 16 16:02:54 /usr/sbin/pdns_server(_Z7qthreadPv+0x332) [0x542ed2]
Sep 16 16:02:54 /lib64/libpthread.so.0(+0x79d1) [0x7fa420a369d1]
Sep 16 16:02:54 /lib64/libc.so.6(clone+0x6d) [0x7fa42078386d]
Sep 16 16:02:54 /usr/sbin/pdns_server() [0x50391e]
Sep 16 16:02:54 /lib64/libc.so.6(+0x326b0) [0x7fa4206cd6b0]
Sep 16 16:02:54 /lib64/libc.so.6(gsignal+0x35) [0x7fa4206cd635]
Sep 16 16:02:54 /lib64/libc.so.6(abort+0x175) [0x7fa4206cee15]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(_ZN9__gnu_cxx27__verbose_terminate_handlerEv+0x41) [0x7fa4211a4971]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(+0xbcbe6) [0x7fa4211a2be6]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(+0xbcc13) [0x7fa4211a2c13]
Sep 16 16:02:54 /usr/lib64/libstdc++.so.6(+0xbcd0e) [0x7fa4211a2d0e]
Sep 16 16:02:54 /usr/sbin/pdns_server(_ZN13UDPNameserver8bindIPv4Ev+0x791) [0x48c341]
Sep 16 16:02:54 /usr/sbin/pdns_server(_ZN13UDPNameserverC2Eb+0xde) [0x48d07e]
Sep 16 16:02:54 /usr/sbin/pdns_server(_Z7qthreadPv+0x332) [0x542ed2]
Sep 16 16:02:54 /lib64/libpthread.so.0(+0x79d1) [0x7fa420a369d1]
Sep 16 16:02:54 /lib64/libc.so.6(clone+0x6d) [0x7fa42078386d]
@Habbie
Member
Habbie commented Sep 16, 2014

With this commit, we no longer crash dumbly - we just don't benefit from reuseport. Leaving ticket open as a feature request to either move the set of bind()s to before the priv drop, or postpone the priv drop.

@Habbie Habbie modified the milestone: auth-3.4.0 Sep 16, 2014
@Habbie Habbie changed the title from reuseport combined with unprivileged user crashes harder than is necessary to reuseport does not combine well with setuid= Sep 22, 2014
@skottler
skottler commented Mar 9, 2015

It'd be really useful for this to get fixed since both SO_REUSEPORT and setuid/setgid are necessary for their own reasons. I'd be happy to work on a patch to fix this behavior if folks are interested since we run PowerDNS with reuseport and handle tens of thousands of queries per second.

@rubenk
Contributor
rubenk commented Mar 9, 2015

@skottler I for one am certainly interested.

@austinoh

Redhat added the SO_REUSEPORT socket option to RHEL 6.5 ((kernel-2.6.32-431) as well. And I do see 1.6 x performance improvement. but, i do not want to run pdns as root to use SO_REUSEPORT option. So, I would like to see this enhancement in near future release.

@Habbie
Member
Habbie commented Oct 21, 2015

Makes me wonder whether authbind would be compatible with SO_REUSEPORT, as a bandaid workaround.

@Habbie Habbie added this to the auth-4.1.0 milestone Dec 15, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment