load resolver files before chroot (patch)

Privoxy's support for chroot is good, but here is a
patch to
make it even easier to use.

The first time a process does host-name resolution, many
implementations of gethostbyname() read files from /etc and
load shared libraries from /lib. Since the first time
privoxy calls gethostbyname() is after the chroot(), all
these files need to be copied into the chroot tree.

However, copying these files can be avoided if we have
privoxy do one gethostbyname() before the chroot(). Then
privoxy can use the copies in the real /etc and /lib. The
following patch does this.

The patch also adds a "--chroot-hostname" command line
option to control the hostname resolved. This allows for
performance optimization; it is not necessary to use this
option to improve your chroot experience.

Having this patch may have helped the user who reported
tracker item 888377.

I note that the author of the original chroot patch wanted
to add a tzset() call before the chroot, but it never
happened. I see this need, too, and my patch also adds a
tzset call. This causes /etc/localtime to be read before
the chroot.

I have the Debian 3.0.3-4 package, and these diffs are
against that. I looked for your CVS sources but couldn't
find the branch the Debian package is based on.

< Stephen

--- privoxy-3.0.3/jcc.c 2005-08-28 21:45:03 -0700
+++ jcc.c 2005-08-29 12:28:47 -0700
@@ -1762,7 +1762,7 @@ void usage(const char *myname)
#if !defined(unix)
"Usage: %s [--help] [--version] [configfile]\n"
#else
- "Usage: %s [--help] [--version]
[--no-daemon] [--pidfile pidfile] [--user user[.group]]
[configfile]\n"
+ "Usage: %s [--help] [--version]
[--no-daemon] [--pidfile pidfile] [--chroot-hostname
hostname] [--chroot] [--user user[.group]] [configfile]\n"
#endif
"Aborting.\n", myname);

@@ -1806,6 +1806,7 @@ int main(int argc, const char
*argv[])
struct group *grp = NULL;
char *p;
int do_chroot = 0;
+ char *chroot_hostname_to_load_resolver = NULL;
#endif

Argc = argc;
@@ -1869,6 +1870,23 @@ int main(int argc, const char
*argv[])
if (p != NULL) *--p = '\0';
}

+ else if (strcmp(argv[argc_pos],
"--chroot-hostname" ) == 0)
+ {
+ /*
+ * For fastest startup speed, a good value
for the chroot
+ * hostname lookup is a host name that is not
in /etc/hosts
+ * but that your local name server (listed in
+ * /etc/resolv.conf) can resolve without
recursion (that is,
+ * without having to ask any other name servers).
+ * The hostname need not exist, but if it
doesn't, an error
+ * message (which can be ignored) will be output.
+ * If not set, a default is used. If set to
the empty string,
+ * the extra lookup is skipped.
+ */
+ if (++argc_pos == argc) usage(argv[0]);
+ chroot_hostname_to_load_resolver =
strdup(argv[argc_pos]);
+ }
+
else if (strcmp(argv[argc_pos], "--chroot" ) == 0)
{
do_chroot = 1;
@@ -2060,6 +2078,25 @@ int main(int argc, const char
*argv[])
{
log_error(LOG_LEVEL_FATAL, "Home directory
for %s undefined", pw->pw_name);
}
+ /* Read the time zone file from /etc before
doing chroot. */
+ tzset();
+ if (NULL == chroot_hostname_to_load_resolver)
+ {
+ /* default to a hostname not likely to be
in /etc/hosts */
+ chroot_hostname_to_load_resolver =
strdup(".");
+ }
+ if (NULL != chroot_hostname_to_load_resolver
+ && '\0' !=
chroot_hostname_to_load_resolver[0])
+ {
+ /*
+ * On some systems, initializing the
resolver library
+ * involves reading config files from /etc
and/or loading
+ * additional shared libraries from /lib,
so we do one
+ * hostname lookup before the chroot to
reduce the number
+ * of files that must be copied into the
chroot tree.
+ */
+ (void)
resolve_hostname_to_ip(chroot_hostname_to_load_resolver);
+ }
if (chroot(pw->pw_dir) < 0)
{
log_error(LOG_LEVEL_FATAL, "Cannot chroot
to %s", pw->pw_dir);