On 05/14/14 18:57, Denis Fondras wrote:
> Hello all,
> 
> I am burning my last neurons with a behavior I can't explain. I wonder
> why getaddrinfo() fails when called after chroot() with root user.
> 
> 
> I have this piece of code:
> 
> /*--- test.c ---*/
> #include <sys/types.h>
> #include <stdio.h>
> #include <sys/socket.h>
> #include <netdb.h>
> #include <pwd.h>
> #include <unistd.h>
> 
> int main(int argc, char *argv[])
> {
>         struct addrinfo *ai_out;
>         struct passwd   *pw;
>         int error;
> 
>         pw = getpwnam("_bgpd");
> 
>         error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
> 
>         chroot(pw->pw_dir);
>         chdir("/");
> 
>         error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
> 
>         return 0;
> }
> /*--- test.c ---*/
> 
> $ ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
> 
> # ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
> 
> 
> 
> 
> Everything is good. Now if I compile:
> 
> /*--- test.c ---*/
> #include <sys/types.h>
> #include <stdio.h>
> #include <sys/socket.h>
> #include <netdb.h>
> #include <pwd.h>
> #include <unistd.h>
> 
> int main(int argc, char *argv[])
> {
>         struct addrinfo *ai_out;
>         struct passwd   *pw;
>         int error;
> 
>         pw = getpwnam("_bgpd");
> 
>         error = 0;
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
> 
>         chroot(pw->pw_dir);
> 
>         error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
> 
>         return 0;
> }
> /*--- test.c ---*/
> 
> $ ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
> 
> # ./a.out
> getaddrinfo() succeed
> getaddrinfo() failed
> 
> 
> 
> If this is an expected behavior, what would be the preferred way to resolve
> a name from a chrooted process? I am extending OpenBGPd and I need to
> resolve domain names and connect to a service (no BGP protocol). I am
> currently using the "session" process to handle the connection part but
> I am stuck on name resolution for now.
> 
> Thank you in advance,
> Denis
> 

I wonder if you're using the wrong function.  There is gethostbyname for
forward lookups?

Regards,

-peter
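
Added example, not part of the original thread and not OpenBGPD code: one arrangement for the situation described above is to resolve the name before chroot(), check the results of chroot() and chdir() (both test programs ignore them, and chroot() fails for a non-root caller), and afterwards use only the saved addrinfo list, which lives in process memory. The function names resolve_early() and enter_chroot() and the port "4000" are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE   /* glibc: expose chroot() in strict -std= modes */
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Resolve before the process changes its view of the filesystem. */
static int resolve_early(const char *host, const char *port, struct addrinfo **out)
{
	struct addrinfo hints;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	return getaddrinfo(host, port, &hints, out);   /* 0 on success */
}

/* chroot() and chdir() with checked results: 0 on success, errno on failure. */
static int enter_chroot(const char *dir)
{
	if (chroot(dir) == -1)
		return errno;      /* e.g. EPERM when the caller is not root */
	if (chdir("/") == -1)
		return errno;
	return 0;
}

int main(void)
{
	struct addrinfo *ai = NULL;
	struct passwd *pw = getpwnam("_bgpd");
	int error;

	if (pw == NULL) { fprintf(stderr, "no _bgpd user\n"); return 1; }
	/* "4000" is a constructed placeholder port, not taken from the thread. */
	error = resolve_early("rpki.liopen.eu", "4000", &ai);
	if (error) { fprintf(stderr, "resolve: %s\n", gai_strerror(error)); return 1; }
	error = enter_chroot(pw->pw_dir);
	if (error) { fprintf(stderr, "chroot: %s\n", strerror(error)); return 1; }
	/* From here on use only the saved list; no lookup happens after chroot(). */
	for (struct addrinfo *p = ai; p != NULL; p = p->ai_next)
		printf("saved address: family %d, length %u\n", p->ai_family, (unsigned)p->ai_addrlen);
	freeaddrinfo(ai);
	return 0;
}
```

Each entry in the saved list carries ai_addr and ai_addrlen, which can be passed straight to connect() from inside the chroot.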
