test upstream fix for #866714 (paranoia.patch)
parent
5fe3b160c0
commit
8df2f33e21
@ -1,111 +1,52 @@
|
|||||||
diff -up dhcp-4.3.1b1/client/dhclient.c.dlTsyN dhcp-4.3.1b1/client/dhclient.c
|
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
|
||||||
--- dhcp-4.3.1b1/client/dhclient.c.dlTsyN 2014-07-10 17:49:49.882925843 +0200
|
index 378459b..e7ed5a3 100644
|
||||||
+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:50:26.922402550 +0200
|
--- a/includes/dhcpd.h
|
||||||
@@ -1748,11 +1748,6 @@ int write_host (host)
|
+++ b/includes/dhcpd.h
|
||||||
return 0;
|
@@ -2033,6 +2033,11 @@ extern const char *path_dhcpd_pid;
|
||||||
}
|
extern int dhcp_max_agent_option_packet_length;
|
||||||
|
extern struct eventqueue *rw_queue_empty;
|
||||||
-void db_startup (testp)
|
|
||||||
- int testp;
|
|
||||||
-{
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
void bootp (packet)
|
|
||||||
struct packet *packet;
|
|
||||||
{
|
|
||||||
diff -up dhcp-4.3.1b1/includes/dhcpd.h.dlTsyN dhcp-4.3.1b1/includes/dhcpd.h
|
|
||||||
--- dhcp-4.3.1b1/includes/dhcpd.h.dlTsyN 2014-07-10 17:48:03.798424601 +0200
|
|
||||||
+++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:50:26.923402536 +0200
|
|
||||||
@@ -2866,7 +2866,11 @@ void commit_leases_timeout (void *);
|
|
||||||
void commit_leases_readerdry(void *);
|
|
||||||
int commit_leases (void);
|
|
||||||
int commit_leases_timed (void);
|
|
||||||
+#if defined (PARANOIA)
|
|
||||||
+void db_startup (int, uid_t, gid_t);
|
|
||||||
+#else
|
|
||||||
void db_startup (int);
|
|
||||||
+#endif /* PARANOIA */
|
|
||||||
int new_lease_file (void);
|
|
||||||
int group_writer (struct group_object *);
|
|
||||||
int write_ia(const struct ia_xx *);
|
|
||||||
diff -up dhcp-4.3.1b1/server/confpars.c.dlTsyN dhcp-4.3.1b1/server/confpars.c
|
|
||||||
--- dhcp-4.3.1b1/server/confpars.c.dlTsyN 2014-07-10 17:39:25.801764596 +0200
|
|
||||||
+++ dhcp-4.3.1b1/server/confpars.c 2014-07-10 17:50:26.924402522 +0200
|
|
||||||
@@ -219,7 +219,11 @@ void trace_conf_input (trace_type_t *tty
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!leaseconf_initialized && ttype == trace_readleases_type) {
|
|
||||||
+#if defined (PARANOIA)
|
|
||||||
+ db_startup (0, 0, 0);
|
|
||||||
+#else
|
|
||||||
db_startup (0);
|
|
||||||
+#endif /* PARANOIA */
|
|
||||||
leaseconf_initialized = 1;
|
|
||||||
postdb_startup ();
|
|
||||||
}
|
|
||||||
diff -up dhcp-4.3.1b1/server/db.c.dlTsyN dhcp-4.3.1b1/server/db.c
|
|
||||||
--- dhcp-4.3.1b1/server/db.c.dlTsyN 2014-07-10 17:39:25.801764596 +0200
|
|
||||||
+++ dhcp-4.3.1b1/server/db.c 2014-07-10 17:50:26.925402508 +0200
|
|
||||||
@@ -42,6 +42,10 @@ static int counting = 0;
|
|
||||||
static int count = 0;
|
|
||||||
TIME write_time;
|
|
||||||
int lease_file_is_corrupt = 0;
|
|
||||||
+#if defined (PARANOIA)
|
|
||||||
+uid_t global_set_uid = 0;
|
|
||||||
+gid_t global_set_gid = 0;
|
|
||||||
+#endif /* PARANOIA */
|
|
||||||
|
|
||||||
/* Write a single binding scope value in parsable format.
|
|
||||||
*/
|
|
||||||
@@ -1046,8 +1050,11 @@ int commit_leases_timed()
|
|
||||||
return (1);
|
|
||||||
}
|
|
||||||
|
|
||||||
-void db_startup (testp)
|
|
||||||
- int testp;
|
|
||||||
+#if defined (PARANOIA)
|
|
||||||
+void db_startup (int testp, uid_t set_uid, gid_t set_gid)
|
|
||||||
+#else
|
|
||||||
+void db_startup (int testp)
|
|
||||||
+#endif /* PARANOIA */
|
|
||||||
{
|
|
||||||
isc_result_t status;
|
|
||||||
|
|
||||||
@@ -1066,6 +1073,11 @@ void db_startup (testp)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#if defined (PARANOIA)
|
+#if defined (PARANOIA)
|
||||||
+ global_set_uid = set_uid;
|
+extern uid_t set_uid;
|
||||||
+ global_set_gid = set_gid;
|
+extern gid_t set_gid;
|
||||||
+#endif /* PARANOIA */
|
+#endif
|
||||||
+
|
+
|
||||||
#if defined (TRACING)
|
int main(int, char **);
|
||||||
/* If we're playing back, there is no lease file, so we can't
|
void postconf_initialization(int);
|
||||||
append it, so we create one immediately (maybe this isn't
|
void postdb_startup(void);
|
||||||
@@ -1128,6 +1140,17 @@ int new_lease_file ()
|
diff --git a/server/db.c b/server/db.c
|
||||||
|
index d4d42fe..5238ed8 100644
|
||||||
|
--- a/server/db.c
|
||||||
|
+++ b/server/db.c
|
||||||
|
@@ -1125,6 +1125,22 @@ int new_lease_file ()
|
||||||
log_error ("Can't create new lease file: %m");
|
log_error ("Can't create new lease file: %m");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+#if defined (PARANOIA)
|
+#if defined (PARANOIA)
|
||||||
+ if (global_set_uid && !geteuid() &&
|
+ /*
|
||||||
+ global_set_gid && !getegid())
|
+ * If we are currently root and plan to change the
|
||||||
+ if (fchown(db_fd, global_set_uid, global_set_gid)) {
|
+ * uid and gid change the file information so we
|
||||||
|
+ * can manipulate it later, after we've changed
|
||||||
|
+ * our group and user (that is dropped privileges.)
|
||||||
|
+ */
|
||||||
|
+ if ((set_uid != 0) && (geteuid() == 0) &&
|
||||||
|
+ (set_gid != 0) && (getegid() == 0)) {
|
||||||
|
+ if (fchown(db_fd, set_uid, set_gid)) {
|
||||||
+ log_fatal ("Can't chown new lease file: %m");
|
+ log_fatal ("Can't chown new lease file: %m");
|
||||||
+ close(db_fd);
|
+ }
|
||||||
+ goto fdfail;
|
|
||||||
+ }
|
+ }
|
||||||
+#endif /* PARANOIA */
|
+#endif /* PARANOIA */
|
||||||
+
|
+
|
||||||
if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
|
if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
|
||||||
log_error("Can't fdopen new lease file: %m");
|
log_error("Can't fdopen new lease file: %m");
|
||||||
close(db_fd);
|
close(db_fd);
|
||||||
diff -up dhcp-4.3.1b1/server/dhcpd.8.dlTsyN dhcp-4.3.1b1/server/dhcpd.8
|
diff --git a/server/dhcpd.8 b/server/dhcpd.8
|
||||||
--- dhcp-4.3.1b1/server/dhcpd.8.dlTsyN 2014-07-02 19:58:39.000000000 +0200
|
index f4b13dc..8cf756a 100644
|
||||||
+++ dhcp-4.3.1b1/server/dhcpd.8 2014-07-10 17:50:26.925402508 +0200
|
--- a/server/dhcpd.8
|
||||||
@@ -82,6 +82,18 @@ dhcpd - Dynamic Host Configuration Proto
|
+++ b/server/dhcpd.8
|
||||||
.I trace-output-file
|
@@ -78,6 +78,18 @@ dhcpd - Dynamic Host Configuration Protocol Server
|
||||||
|
.B --no-pid
|
||||||
]
|
]
|
||||||
[
|
[
|
||||||
+.B -user
|
+.B -user
|
||||||
@ -120,37 +61,58 @@ diff -up dhcp-4.3.1b1/server/dhcpd.8.dlTsyN dhcp-4.3.1b1/server/dhcpd.8
|
|||||||
+.I dir
|
+.I dir
|
||||||
+]
|
+]
|
||||||
+[
|
+[
|
||||||
.B -play
|
.B -tf
|
||||||
.I trace-playback-file
|
.I trace-output-file
|
||||||
]
|
]
|
||||||
@@ -269,6 +281,15 @@ lease file.
|
@@ -249,6 +261,26 @@ for correct syntax, but will not attempt to perform any network
|
||||||
|
operations. This can be used to test a new lease file
|
||||||
|
automatically before installing it.
|
||||||
.TP
|
.TP
|
||||||
.BI --version
|
|
||||||
Print version number and exit.
|
|
||||||
+.TP
|
|
||||||
+.BI \-user \ user
|
+.BI \-user \ user
|
||||||
+Setuid to user after completing privileged operations, such as creating sockets that listen on privileged ports.
|
+Setuid to user after completing privileged operations,
|
||||||
|
+such as creating sockets that listen on privileged ports.
|
||||||
|
+This option is only available if the code was compiled
|
||||||
|
+with the PARANOIA patch (./configure --enable-paranoia).
|
||||||
+.TP
|
+.TP
|
||||||
+.BI \-group \ group
|
+.BI \-group \ group
|
||||||
+Setgid to group after completing privileged operations, such as creating sockets that listen on privileged ports.
|
+Setgid to group after completing privileged operations,
|
||||||
|
+such as creating sockets that listen on privileged ports.
|
||||||
|
+This option is only available if the code was compiled
|
||||||
|
+with the PARANOIA patch (./configure --enable-paranoia).
|
||||||
+.TP
|
+.TP
|
||||||
+.BI \-chroot \ dir
|
+.BI \-chroot \ dir
|
||||||
+Chroot to directory after processing the command line arguments, but before reading the configuration file.
|
+Chroot to directory. This may occur before or after
|
||||||
.PP
|
+reading the configuration files depending on whether
|
||||||
.I Modifying default file locations:
|
+the code was compiled with the EARLY_CHROOT option
|
||||||
The following options can be used to modify the locations
|
+enabled (./configure --enable-early-chroot).
|
||||||
diff -up dhcp-4.3.1b1/server/dhcpd.c.dlTsyN dhcp-4.3.1b1/server/dhcpd.c
|
+This option is only available if the code was compiled
|
||||||
--- dhcp-4.3.1b1/server/dhcpd.c.dlTsyN 2014-07-10 17:39:25.802764582 +0200
|
+with the PARANOIA patch (./configure --enable-paranoia).
|
||||||
+++ dhcp-4.3.1b1/server/dhcpd.c 2014-07-10 17:52:35.341588248 +0200
|
+.TP
|
||||||
@@ -628,7 +628,11 @@ main(int argc, char **argv) {
|
.BI \-tf \ tracefile
|
||||||
group_write_hook = group_writer;
|
Specify a file into which the entire startup state of the server and
|
||||||
|
all the transactions it processes are logged. This can be
|
||||||
|
diff --git a/server/dhcpd.c b/server/dhcpd.c
|
||||||
|
index ebb6d3e..ca50178 100644
|
||||||
|
--- a/server/dhcpd.c
|
||||||
|
+++ b/server/dhcpd.c
|
||||||
|
@@ -50,6 +50,10 @@ static const char url [] =
|
||||||
|
# define group real_group
|
||||||
|
# include <grp.h>
|
||||||
|
# undef group
|
||||||
|
+
|
||||||
|
+/* global values so db.c can look at them */
|
||||||
|
+uid_t set_uid = 0;
|
||||||
|
+gid_t set_gid = 0;
|
||||||
|
#endif /* PARANOIA */
|
||||||
|
|
||||||
/* Start up the database... */
|
#ifndef UNIT_TEST
|
||||||
+#if defined (PARANOIA)
|
@@ -180,9 +184,6 @@ main(int argc, char **argv) {
|
||||||
+ db_startup (lftest, set_uid, set_gid);
|
char *set_user = 0;
|
||||||
+#else
|
char *set_group = 0;
|
||||||
db_startup (lftest);
|
char *set_chroot = 0;
|
||||||
+#endif /* PARANOIA */
|
-
|
||||||
|
- uid_t set_uid = 0;
|
||||||
|
- gid_t set_gid = 0;
|
||||||
|
#endif /* PARANOIA */
|
||||||
|
|
||||||
if (lftest)
|
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
|
||||||
exit (0);
|
|
||||||
|
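Review bot: In the new_lease_file() hunk of server/db.c, the new guard `if ((set_uid != 0) && (geteuid() == 0) && (set_gid != 0) && (getegid() == 0))` skips fchown() unless both target ids are non-zero and the effective gid is also 0. A server started with euid 0 but a different egid, or one where only one of the two ids ends up non-zero, would therefore keep a root-owned lease file after privileges are dropped. Effective uid 0 is sufficient for fchown(), so consider `if (geteuid() == 0 && (set_uid != 0 || set_gid != 0))` and pass `(uid_t)-1` or `(gid_t)-1` for an id that was not requested; whether dhcpd.c already fills set_gid from the user's primary group is not visible here and should be confirmed. The failure path now depends on log_fatal() not returning, because the earlier `close(db_fd); goto fdfail;` was dropped, so a one-line comment such as `/* log_fatal() does not return */` would make that explicit. The body of new_lease_file() continues outside the hunk.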
@ -237,7 +237,7 @@ diff -up dhcp-4.3.2/server/dhcpd.c.systemtap dhcp-4.3.2/server/dhcpd.c
|
|||||||
--- dhcp-4.3.2/server/dhcpd.c.systemtap 2015-03-05 19:06:12.910502462 +0100
|
--- dhcp-4.3.2/server/dhcpd.c.systemtap 2015-03-05 19:06:12.910502462 +0100
|
||||||
+++ dhcp-4.3.2/server/dhcpd.c 2015-03-05 19:06:12.933502132 +0100
|
+++ dhcp-4.3.2/server/dhcpd.c 2015-03-05 19:06:12.933502132 +0100
|
||||||
@@ -52,6 +52,8 @@ static const char url [] =
|
@@ -52,6 +52,8 @@ static const char url [] =
|
||||||
# undef group
|
gid_t set_gid = 0;
|
||||||
#endif /* PARANOIA */
|
#endif /* PARANOIA */
|
||||||
|
|
||||||
+#include "trace.h"
|
+#include "trace.h"
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
Summary: Dynamic host configuration protocol software
|
Summary: Dynamic host configuration protocol software
|
||||||
Name: dhcp
|
Name: dhcp
|
||||||
Version: 4.3.2
|
Version: 4.3.2
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
||||||
# dcantrell maintaining the package) made incorrect use of the epoch and
|
# dcantrell maintaining the package) made incorrect use of the epoch and
|
||||||
# that's why it is at 12 now. It should have never been used, but it was.
|
# that's why it is at 12 now. It should have never been used, but it was.
|
||||||
@ -675,6 +675,9 @@ done
|
|||||||
%doc doc/html/
|
%doc doc/html/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 02 2015 Jiri Popelka <jpopelka@redhat.com> - 12:4.3.2-9
|
||||||
|
- test upstream fix for #866714 (paranoia.patch)
|
||||||
|
|
||||||
* Wed Jun 24 2015 Jiri Popelka <jpopelka@redhat.com> - 12:4.3.2-8
|
* Wed Jun 24 2015 Jiri Popelka <jpopelka@redhat.com> - 12:4.3.2-8
|
||||||
- add more randomness into xid generation (#1195693)
|
- add more randomness into xid generation (#1195693)
|
||||||
|
|
||||||
|