Write lease file AFTER changing of the effective user/group ID.

Move omshell from dhcp-common to main package (where it originally was).
Jiri Popelka 2011-10-26 19:40:23 +02:00
parent 278bc55875
commit 6e67a560a8
3 changed files with 124 additions and 60 deletions


@ -1,49 +0,0 @@
diff -up dhcp-4.2.2/server/dhcpd.c.paranoia-pid dhcp-4.2.2/server/dhcpd.c
--- dhcp-4.2.2/server/dhcpd.c.paranoia-pid 2011-09-12 16:07:01.000000000 +0200
+++ dhcp-4.2.2/server/dhcpd.c 2011-09-12 16:08:55.680988466 +0200
@@ -791,22 +791,6 @@ main(int argc, char **argv) {
exit (0);
}
-#if defined (PARANOIA)
- /* change uid to the specified one */
-
- if (set_gid) {
- if (setgroups (0, (void *)0))
- log_fatal ("setgroups: %m");
- if (setgid (set_gid))
- log_fatal ("setgid(%d): %m", (int) set_gid);
- }
-
- if (set_uid) {
- if (setuid (set_uid))
- log_fatal ("setuid(%d): %m", (int) set_uid);
- }
-#endif /* PARANOIA */
-
/*
* Deal with pid files. If the user told us
* not to write a file we don't read one either
@@ -843,6 +827,22 @@ main(int argc, char **argv) {
}
}
+#if defined (PARANOIA)
+ /* change uid to the specified one */
+
+ if (set_gid) {
+ if (setgroups (0, (void *)0))
+ log_fatal ("setgroups: %m");
+ if (setgid (set_gid))
+ log_fatal ("setgid(%d): %m", (int) set_gid);
+ }
+
+ if (set_uid) {
+ if (setuid (set_uid))
+ log_fatal ("setuid(%d): %m", (int) set_uid);
+ }
+#endif /* PARANOIA */
+
/* If we were requested to log to stdout on the command line,
keep doing so; otherwise, stop. */
if (log_perror == -1)

110
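--- a/dhcp-4.2.3-paranoia.patch
+++ b/dhcp-4.2.3-paranoia.patch
@@ -0,0 +1,110 @@
+diff -up dhcp-4.2.3/server/dhcpd.c.paranoia dhcp-4.2.3/server/dhcpd.c
+--- dhcp-4.2.3/server/dhcpd.c.paranoia 2011-10-26 19:10:08.162925489 +0200
++++ dhcp-4.2.3/server/dhcpd.c 2011-10-26 19:12:34.541095509 +0200
+@@ -699,11 +699,11 @@ main(int argc, char **argv) {
+group_write_hook = group_writer;
+- /* Start up the database... */
+- db_startup (lftest);
+-
+- if (lftest)
++ if (lftest) {
++ /* Start up the database... */
++ db_startup (lftest);
+exit (0);
++ }
+/* Discover all the network interfaces and initialize them. */
+discover_interfaces(DISCOVER_SERVER);
+@@ -743,24 +743,6 @@ main(int argc, char **argv) {
+#if defined (TRACING)
+trace_seed_stash (trace_srandom, seed + cur_time);
+#endif
+- postdb_startup ();
+-
+-#ifdef DHCPv6
+- /*
+- * Set server DHCPv6 identifier.
+- * See dhcpv6.c for discussion of setting DUID.
+- */
+- if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+- write_server_duid();
+- } else {
+- if (!server_duid_isset()) {
+- if (generate_new_server_duid() != ISC_R_SUCCESS) {
+- log_fatal("Unable to set server identifier.");
+- }
+- write_server_duid();
+- }
+- }
+-#endif /* DHCPv6 */
+#ifndef DEBUG
+if (daemon) {
+@@ -771,22 +753,6 @@ main(int argc, char **argv) {
+exit (0);
+}
+-#if defined (PARANOIA)
+- /* change uid to the specified one */
+-
+- if (set_gid) {
+- if (setgroups (0, (void *)0))
+- log_fatal ("setgroups: %m");
+- if (setgid (set_gid))
+- log_fatal ("setgid(%d): %m", (int) set_gid);
+- }
+-
+- if (set_uid) {
+- if (setuid (set_uid))
+- log_fatal ("setuid(%d): %m", (int) set_uid);
+- }
+-#endif /* PARANOIA */
+-
+/*
+* Deal with pid files. If the user told us
+* not to write a file we don't read one either
+@@ -823,6 +789,42 @@ main(int argc, char **argv) {
+}
+}
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
++ db_startup(lftest);
++ postdb_startup ();
++
++#ifdef DHCPv6
++ /*
++ * Set server DHCPv6 identifier.
++ * See dhcpv6.c for discussion of setting DUID.
++ */
++ if (set_server_duid_from_option() == ISC_R_SUCCESS) {
++ write_server_duid();
++ } else {
++ if (!server_duid_isset()) {
++ if (generate_new_server_duid() != ISC_R_SUCCESS) {
++ log_fatal("Unable to set server identifier.");
++ }
++ write_server_duid();
++ }
++ }
++#endif /* DHCPv6 */
++
+/* If we were requested to log to stdout on the command line,
+keep doing so; otherwise, stop. */
+if (log_perror == -1)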
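Review bot: In the last hunk (`@@ -823,6 +789,42 @@`), `setgroups()` and `setgid()` run only inside `if (set_gid)`, so a run where `set_uid` is non-zero and `set_gid` is 0 would call `setuid()` while keeping the starting gid and supplementary groups, and the lease file and DUID now written just below would be created under that group. How `set_gid` is filled in is outside this patch, so a default may already cover this; if it does not, the `setgroups (0, (void *)0)` call could be guarded by `if (set_gid || set_uid)` instead. Separately, `db_startup(lftest)` now sits after the `if (daemon)` block shown as context in the `@@ -771,22 +753,6 @@` hunk, so a lease file the new uid cannot write presumably fails only after the parent has already exited 0. A comment above the call such as `/* lease file and its directory must be writable by set_uid/set_gid */` would document that requirement for packagers. main() starts and ends outside these hunks.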


@ -22,7 +22,7 @@
Summary: Dynamic host configuration protocol software Summary: Dynamic host configuration protocol software
Name: dhcp Name: dhcp
Version: 4.2.3 Version: 4.2.3
Release: 2%{?dist} Release: 3%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and # dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was. # that's why it is at 12 now. It should have never been used, but it was.
@ -71,7 +71,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
Patch29: dhcp-4.2.2-remove-bind.patch Patch29: dhcp-4.2.2-remove-bind.patch
Patch30: dhcp-4.2.2-sharedlib.patch Patch30: dhcp-4.2.2-sharedlib.patch
Patch31: dhcp-4.2.0-PPP.patch Patch31: dhcp-4.2.0-PPP.patch
Patch32: dhcp-4.2.2-paranoia-pid.patch Patch32: dhcp-4.2.3-paranoia.patch
Patch33: dhcp-4.2.2-lpf-ib.patch Patch33: dhcp-4.2.2-lpf-ib.patch
Patch34: dhcp-4.2.2-improved-xid.patch Patch34: dhcp-4.2.2-improved-xid.patch
Patch35: dhcp-4.2.2-gpxe-cid.patch Patch35: dhcp-4.2.2-gpxe-cid.patch
@ -117,8 +117,7 @@ DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address, configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network. The dhcp package includes the easier to administer a large network.
ISC DHCP service and relay agent.
To use DHCP on your network, install a DHCP service (or relay agent), To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon. The dhcp package provides and on clients run a DHCP client daemon. The dhcp package provides
@ -315,9 +314,10 @@ rm bind/bind.tar.gz
# DHCPv6 over PPP support (#626514) # DHCPv6 over PPP support (#626514)
%patch31 -p1 -b .PPP %patch31 -p1 -b .PPP
# Move changing of the effective user/group ID after writing new PID file. # Write PID file BEFORE changing of the effective user/group ID.
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #25806]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #25806])
%patch32 -p1 -b .paranoia-pid # Write lease file AFTER changing of the effective user/group ID.
%patch32 -p1 -b .paranoia
# IPoIB support (#660681) # IPoIB support (#660681)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #24249]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #24249])
@ -364,7 +364,7 @@ for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do
done done
%build %build
libtoolize --copy --force #libtoolize --copy --force
autoreconf --verbose --force --install autoreconf --verbose --force --install
CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \ CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \
@ -462,7 +462,6 @@ EOF
# DHCPv6 Server Configuration file. # DHCPv6 Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd6.conf.sample # see /usr/share/doc/dhcp*/dhcpd6.conf.sample
# see dhcpd.conf(5) man page # see dhcpd.conf(5) man page
# run 'service dhcpd6 start' or 'dhcpd -6 -cf /etc/dhcp/dhcpd6.conf'
# #
EOF EOF
@ -617,6 +616,8 @@ fi
%attr(0644,root,root) %{_unitdir}/dhcrelay.service %attr(0644,root,root) %{_unitdir}/dhcrelay.service
%{_sbindir}/dhcpd %{_sbindir}/dhcpd
%{_sbindir}/dhcrelay %{_sbindir}/dhcrelay
%{_bindir}/omshell
%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
%attr(0644,root,root) %{_mandir}/man5/dhcpd.conf.5.gz %attr(0644,root,root) %{_mandir}/man5/dhcpd.conf.5.gz
%attr(0644,root,root) %{_mandir}/man5/dhcpd.leases.5.gz %attr(0644,root,root) %{_mandir}/man5/dhcpd.leases.5.gz
%attr(0644,root,root) %{_mandir}/man8/dhcpd.8.gz %attr(0644,root,root) %{_mandir}/man8/dhcpd.8.gz
@ -643,8 +644,6 @@ fi
%files common %files common
%doc LICENSE README RELNOTES doc/References.txt %doc LICENSE README RELNOTES doc/References.txt
%{_bindir}/omshell
%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
%attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz %attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz
%attr(0644,root,root) %{_mandir}/man5/dhcp-eval.5.gz %attr(0644,root,root) %{_mandir}/man5/dhcp-eval.5.gz
@ -670,8 +669,12 @@ fi
%{_initddir}/dhcrelay %{_initddir}/dhcrelay
%changelog %changelog
* Wed Oct 26 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-3
- Write lease file AFTER changing of the effective user/group ID.
- Move omshell from dhcp-common to main package (where it originally was).
* Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-2 * Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-2
- Move changing of the effective user/group ID after writing new PID file. - Write PID file BEFORE changing of the effective user/group ID.
- Really define _hardened_build this time - Really define _hardened_build this time
* Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-1 * Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-1