search

blechschmidt / massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
GNU General Public License v3.0
3.16k stars 466 forks source link

Privileges could not be dropped to "nobody:nogroup" #141

Closed TheTechromancer closed 1 year ago

TheTechromancer commented 1 year ago

Running massdns on a fresh Arch Linode produces the following error:

# echo www.blacklanternsecurity.com | ~/.bbot/tools/massdns -r /tmp/resolvers -s 1000 -t A -o J -q                                                                                                                                                        
Privileges could not be dropped to "nobody:nogroup".                                                                                                                                                                                                                           
For security reasons, this program will only run as root user when supplied with --root, which is not recommended.                                                                                                                                                             
It is better practice to run this program as a different user.

The issue is that the naming of nogroup is a distro-specific convention. Most sane distros share the nobody user (UID: 65534). The case for the group is muddier; Debian-based distros call it nogroup and Arch-based distros call it nobody. However regardless of the name, the GID for both groups is 65534.

The best approach to this issue might be to simply use the UID and GID numbers instead of their names.

Thanks for your time and thanks for writing such a useful tool.

EDIT: I have made a PR that automatically falls back to UID/GID 65534 if the builtin accounts don't exist: https://github.com/blechschmidt/massdns/pull/143

blechschmidt commented 1 year ago

Solved by #143. Thanks again!