From 00cab788b8ac41ba728c40648514fea566e15d4c Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 19 Sep 2019 12:57:24 +0200
Subject: [PATCH] Drop privileges
---
 Cargo.toml | 1 +
 encrypted-dns.toml | 19 +++++++++++++++++--
 src/config.rs | 3 +++
 src/errors.rs | 3 +++
 src/main.rs | 16 ++++++++++++++++
 5 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 6b9ae14..5c62d7a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,6 +18,7 @@ libsodium-sys="0.2.4"
 log = "0.4.8"
 net2 = "0.2.33"
 parking_lot = "0.9.0"
+privdrop = "0.3.3"
 rand = "0.7.2"
 serde = "1.0.101"
 serde_derive = "1.0.101"
diff --git a/encrypted-dns.toml b/encrypted-dns.toml
index 1d35487..7a3023d 100644
--- a/encrypted-dns.toml
+++ b/encrypted-dns.toml
@@ -12,7 +12,7 @@ ## IP addresses and ports to listen to
-listen_addrs = ["127.0.0.1:4443"]
+listen_addrs = ["127.0.0.1:4443", "[::1]:4443"]
 ## IP address to connect to upstream servers from
@@ -50,6 +50,21 @@ udp_max_active_connections = 1000 tcp_max_active_connections = 100
+## User name to drop privileges to, when started as root. + # user = "nobody" + + ## Group name to drop privileges to, when started as root. + # group = "nobody" + + ## Path to chroot() to, when started as root. + # chroot = "/tmp" + + #################################### # DNSCrypt settings #
@@ -71,4 +86,4 @@ provider_name = "secure.dns.test"
 ## Where to prooxy TLS connections to (e.g. DoH server)
-# upstream_addr = "127.0.0.1:4343"
\ No newline at end of file
+# upstream_addr = "127.0.0.1:4343"
diff --git a/src/config.rs b/src/config.rs
index 3728d09..90565a1 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -26,6 +26,9 @@ pub struct Config {
 pub tcp_timeout: u32,
 pub udp_max_active_connections: u32,
 pub tcp_max_active_connections: u32,
+ pub user: Option,
+ pub group: Option,
+ pub chroot: Option,
 pub dnscrypt: DNSCryptConfig,
 pub tls: TLSConfig,
 }
diff --git a/src/errors.rs b/src/errors.rs
index 9ac3ea3..cb95ce3 100644
--- a/src/errors.rs
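Review bot: The example `# chroot = "/tmp"` in the new user/group/chroot section points at a world-writable directory, which is a poor model for a chroot target: any local user can populate it, so anything the process later resolves relative to the jail root would sit in attacker-writable space. Suggest pointing the example at a dedicated empty, root-owned directory instead, e.g. `# chroot = "/var/empty"` where such a directory exists, together with one sentence stating that the directory should be empty and not writable by the user the daemon drops to. The chroot target also needs to contain whatever the proxy still opens after the drop, if anything; from this hunk alone I cannot tell whether that set is empty.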
+++ b/src/errors.rs
@@ -1,4 +1,5 @@
 pub use failure::{bail, ensure, Error};
+use privdrop::PrivDropError;
 use std::io;
 use std::net::AddrParseError;
@@ -10,4 +11,6 @@ pub enum ProxyError {
 Io(#[cause] io::Error),
 #[fail(display = "Unable to parse address: [{}]", _0)]
 AddrParseError(#[cause] AddrParseError),
+ #[fail(display = "Privilege drop error: [{}]", _0)]
+ PrivDrop(#[cause] PrivDropError),
 }
diff --git a/src/main.rs b/src/main.rs
index b6fa311..7837938 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -42,6 +42,7 @@ use failure::{bail, ensure};
 use futures::join;
 use futures::prelude::*;
 use parking_lot::Mutex;
+use privdrop::PrivDrop;
 use rand::prelude::*;
 use std::collections::vec_deque::VecDeque;
 use std::convert::TryFrom;
@@ -436,6 +437,21 @@ fn main() -> Result<(), Error> {
 let mut runtime_builder = tokio::runtime::Builder::new();
 runtime_builder.name_prefix("encrypted-dns-");
 let runtime = Arc::new(runtime_builder.build()?);
+
+ let mut pd = PrivDrop::default();
+ if let Some(user) = &config.user {
+ pd = pd.user(user);
+ }
+ if let Some(group) = &config.group {
+ pd = pd.group(group);
+ }
+ if let Some(chroot) = &config.chroot {
+ pd = pd.chroot(chroot);
+ }
+ if config.user.is_some() || config.group.is_some() || config.chroot.is_some() {
+ info!("Dropping privileges");
+ pd.apply()?;
+ }
 let globals = Arc::new(Globals {
 runtime: runtime.clone(),
 dnscrypt_encryption_params_set: vec![dnscrypt_encryption_params],
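Review bot: The guard `if config.user.is_some() || config.group.is_some() || config.chroot.is_some()` decides purely from which keys are set and never consults the effective uid, so the "when started as root" wording in encrypted-dns.toml is not what this code enforces; either skip the drop when geteuid() is not 0 (privdrop may otherwise fail hard on a non-root start) or change the config comments to say the keys are only valid when running as root. A `chroot` without a `user` also leaves the process running as root inside the jail, which gives little isolation — consider `bail!("chroot requires user to be set")` in that case, since bail is already imported in this file. The drop runs after the tokio runtime is built but before `globals` is assembled, so any listener on a privileged port or any file under the old root that is opened later will fail; I cannot see from this hunk where sockets are bound, so a comment at the drop point such as `// Everything that needs root, or paths outside the chroot, must already be open here.` would pin the ordering for future edits. Unless it is used elsewhere, the new `ProxyError::PrivDrop` variant from src/errors.rs is not constructed here — `pd.apply()?` relies on failure's blanket conversion into main's `Error`. The body of `main` continues outside the hunk.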