Write lease file AFTER changing of the effective user/group ID.
Move omshell from dhcp-common to main package (where it originally was).
parent
278bc55875
commit
6e67a560a8
@ -1,49 +0,0 @@
|
|||||||
diff -up dhcp-4.2.2/server/dhcpd.c.paranoia-pid dhcp-4.2.2/server/dhcpd.c
|
|
||||||
--- dhcp-4.2.2/server/dhcpd.c.paranoia-pid 2011-09-12 16:07:01.000000000 +0200
|
|
||||||
+++ dhcp-4.2.2/server/dhcpd.c 2011-09-12 16:08:55.680988466 +0200
|
|
||||||
@@ -791,22 +791,6 @@ main(int argc, char **argv) {
|
|
||||||
exit (0);
|
|
||||||
}
|
|
||||||
|
|
||||||
-#if defined (PARANOIA)
|
|
||||||
- /* change uid to the specified one */
|
|
||||||
-
|
|
||||||
- if (set_gid) {
|
|
||||||
- if (setgroups (0, (void *)0))
|
|
||||||
- log_fatal ("setgroups: %m");
|
|
||||||
- if (setgid (set_gid))
|
|
||||||
- log_fatal ("setgid(%d): %m", (int) set_gid);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (set_uid) {
|
|
||||||
- if (setuid (set_uid))
|
|
||||||
- log_fatal ("setuid(%d): %m", (int) set_uid);
|
|
||||||
- }
|
|
||||||
-#endif /* PARANOIA */
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* Deal with pid files. If the user told us
|
|
||||||
* not to write a file we don't read one either
|
|
||||||
@@ -843,6 +827,22 @@ main(int argc, char **argv) {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if defined (PARANOIA)
|
|
||||||
+ /* change uid to the specified one */
|
|
||||||
+
|
|
||||||
+ if (set_gid) {
|
|
||||||
+ if (setgroups (0, (void *)0))
|
|
||||||
+ log_fatal ("setgroups: %m");
|
|
||||||
+ if (setgid (set_gid))
|
|
||||||
+ log_fatal ("setgid(%d): %m", (int) set_gid);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (set_uid) {
|
|
||||||
+ if (setuid (set_uid))
|
|
||||||
+ log_fatal ("setuid(%d): %m", (int) set_uid);
|
|
||||||
+ }
|
|
||||||
+#endif /* PARANOIA */
|
|
||||||
+
|
|
||||||
/* If we were requested to log to stdout on the command line,
|
|
||||||
keep doing so; otherwise, stop. */
|
|
||||||
if (log_perror == -1)
|
|
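--- /dev/null
+++ b/dhcp-4.2.3-paranoia.patch
@@ -0,0 +1,110 @@
+diff -up dhcp-4.2.3/server/dhcpd.c.paranoia dhcp-4.2.3/server/dhcpd.c
+--- dhcp-4.2.3/server/dhcpd.c.paranoia 2011-10-26 19:10:08.162925489 +0200
++++ dhcp-4.2.3/server/dhcpd.c 2011-10-26 19:12:34.541095509 +0200
+@@ -699,11 +699,11 @@ main(int argc, char **argv) {
+
+group_write_hook = group_writer;
+
+- /* Start up the database... */
+- db_startup (lftest);
+-
+- if (lftest)
++ if (lftest) {
++ /* Start up the database... */
++ db_startup (lftest);
+exit (0);
++ }
+
+/* Discover all the network interfaces and initialize them. */
+discover_interfaces(DISCOVER_SERVER);
+@@ -743,24 +743,6 @@ main(int argc, char **argv) {
+#if defined (TRACING)
+trace_seed_stash (trace_srandom, seed + cur_time);
+#endif
+- postdb_startup ();
+-
+-#ifdef DHCPv6
+- /*
+- * Set server DHCPv6 identifier.
+- * See dhcpv6.c for discussion of setting DUID.
+- */
+- if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+- write_server_duid();
+- } else {
+- if (!server_duid_isset()) {
+- if (generate_new_server_duid() != ISC_R_SUCCESS) {
+- log_fatal("Unable to set server identifier.");
+- }
+- write_server_duid();
+- }
+- }
+-#endif /* DHCPv6 */
+
+#ifndef DEBUG
+if (daemon) {
+@@ -771,22 +753,6 @@ main(int argc, char **argv) {
+exit (0);
+}
+
+-#if defined (PARANOIA)
+- /* change uid to the specified one */
+-
+- if (set_gid) {
+- if (setgroups (0, (void *)0))
+- log_fatal ("setgroups: %m");
+- if (setgid (set_gid))
+- log_fatal ("setgid(%d): %m", (int) set_gid);
+- }
+-
+- if (set_uid) {
+- if (setuid (set_uid))
+- log_fatal ("setuid(%d): %m", (int) set_uid);
+- }
+-#endif /* PARANOIA */
+-
+/*
+* Deal with pid files. If the user told us
+* not to write a file we don't read one either
+@@ -823,6 +789,42 @@ main(int argc, char **argv) {
+}
+}
+
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
++ db_startup(lftest);
++ postdb_startup ();
++
++#ifdef DHCPv6
++ /*
++ * Set server DHCPv6 identifier.
++ * See dhcpv6.c for discussion of setting DUID.
++ */
++ if (set_server_duid_from_option() == ISC_R_SUCCESS) {
++ write_server_duid();
++ } else {
++ if (!server_duid_isset()) {
++ if (generate_new_server_duid() != ISC_R_SUCCESS) {
++ log_fatal("Unable to set server identifier.");
++ }
++ write_server_duid();
++ }
++ }
++#endif /* DHCPv6 */
++
+/* If we were requested to log to stdout on the command line,
+keep doing so; otherwise, stop. */
+if (log_perror == -1)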
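Review bot: In the last hunk of the embedded dhcpd.c patch, `db_startup(lftest);` now runs after the `if (daemon) {` block whose `exit (0);` shows as context in the second and third hunks, so a lease-file open or parse failure is reached only after the parent has presumably already returned success to whatever started dhcpd (the fork itself is outside the hunks). Such a failure would then be visible only in the log, and the lease file must already be accessible to the target uid/gid, otherwise every start after an upgrade ends in that late `log_fatal`. The comment on the moved block still reads `/* change uid to the specified one */`; I would replace it with `/* Drop privileges before db_startup() so the lease file is opened and written as set_uid/set_gid. */` so the ordering is not reverted by accident. Also, `setgroups (0, (void *)0)` is called only inside `if (set_gid)`, so if set_uid can be non-zero while set_gid is 0 the process keeps its original group and supplementary groups when writing leases; whether that combination is possible depends on option parsing outside these hunks.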
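--- a/dhcp.spec
+++ b/dhcp.spec
@@ -22,7 +22,7 @@
 Summary: Dynamic host configuration protocol software
 Name: dhcp
 Version: 4.2.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now. It should have never been used, but it was.
@@ -71,7 +71,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
 Patch29: dhcp-4.2.2-remove-bind.patch
 Patch30: dhcp-4.2.2-sharedlib.patch
 Patch31: dhcp-4.2.0-PPP.patch
-Patch32: dhcp-4.2.2-paranoia-pid.patch
+Patch32: dhcp-4.2.3-paranoia.patch
 Patch33: dhcp-4.2.2-lpf-ib.patch
 Patch34: dhcp-4.2.2-improved-xid.patch
 Patch35: dhcp-4.2.2-gpxe-cid.patch
@@ -117,8 +117,7 @@ DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
 individual devices on an IP network to get their own network
 configuration information (IP address, subnetmask, broadcast address,
 etc.) from a DHCP server. The overall purpose of DHCP is to make it
-easier to administer a large network. The dhcp package includes the
-ISC DHCP service and relay agent.
+easier to administer a large network.
 
 To use DHCP on your network, install a DHCP service (or relay agent),
 and on clients run a DHCP client daemon. The dhcp package provides
@@ -315,9 +314,10 @@ rm bind/bind.tar.gz
 # DHCPv6 over PPP support (#626514)
 %patch31 -p1 -b .PPP
 
-# Move changing of the effective user/group ID after writing new PID file.
+# Write PID file BEFORE changing of the effective user/group ID.
 # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #25806])
-%patch32 -p1 -b .paranoia-pid
+# Write lease file AFTER changing of the effective user/group ID.
+%patch32 -p1 -b .paranoia
 
 # IPoIB support (#660681)
 # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #24249])
@@ -364,7 +364,7 @@ for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do
 done
 
 %build
-libtoolize --copy --force
+#libtoolize --copy --force
 autoreconf --verbose --force --install
 
 CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \
@@ -462,7 +462,6 @@ EOF
 # DHCPv6 Server Configuration file.
 # see /usr/share/doc/dhcp*/dhcpd6.conf.sample
 # see dhcpd.conf(5) man page
-# run 'service dhcpd6 start' or 'dhcpd -6 -cf /etc/dhcp/dhcpd6.conf'
 #
 EOF
 
@@ -617,6 +616,8 @@ fi
 %attr(0644,root,root) %{_unitdir}/dhcrelay.service
 %{_sbindir}/dhcpd
 %{_sbindir}/dhcrelay
+%{_bindir}/omshell
+%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcpd.conf.5.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcpd.leases.5.gz
 %attr(0644,root,root) %{_mandir}/man8/dhcpd.8.gz
@@ -643,8 +644,6 @@ fi
 
 %files common
 %doc LICENSE README RELNOTES doc/References.txt
-%{_bindir}/omshell
-%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcp-eval.5.gz
 
@@ -670,8 +669,12 @@ fi
 %{_initddir}/dhcrelay
 
 %changelog
+* Wed Oct 26 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-3
+- Write lease file AFTER changing of the effective user/group ID.
+- Move omshell from dhcp-common to main package (where it originally was).
+
 * Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-2
-- Move changing of the effective user/group ID after writing new PID file.
+- Write PID file BEFORE changing of the effective user/group ID.
 - Really define _hardened_build this time
 
 * Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-1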
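Review bot: None of the visible dhcp.spec hunks adjusts the ownership or mode of the lease directory or of existing lease files, although `%patch32 -p1 -b .paranoia` now makes dhcpd open the lease file only after it has switched to the unprivileged uid/gid. If earlier releases left those files owned by root (not visible in these hunks), an upgraded server would fail when it reaches db_startup, so the package should make the lease files accessible to the service account in a scriptlet or `%files` entry. Separately, `#libtoolize --copy --force` is disabled in `%build` with no explanation and the new changelog entry does not mention it; a one-line comment above it, for example `# libtoolize disabled: <reason>`, would record why.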