diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 378459b..e7ed5a3 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2033,6 +2033,11 @@ extern const char *path_dhcpd_pid;
 extern int dhcp_max_agent_option_packet_length;
 extern struct eventqueue *rw_queue_empty;
+#if defined (PARANOIA)
+extern uid_t set_uid;
+extern gid_t set_gid;
+#endif
+
 int main(int, char **);
 void postconf_initialization(int);
 void postdb_startup(void);
diff --git a/server/db.c b/server/db.c
index d4d42fe..5238ed8 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1125,6 +1125,22 @@ int new_lease_file ()
 log_error ("Can't create new lease file: %m");
 return 0;
 }
+
+#if defined (PARANOIA)
+ /*
+ * If we are currently root and plan to change the
+ * uid and gid change the file information so we
+ * can manipulate it later, after we've changed
+ * our group and user (that is dropped privileges.)
+ */
+ if ((set_uid != 0) && (geteuid() == 0) &&
+ (set_gid != 0) && (getegid() == 0)) {
+ if (fchown(db_fd, set_uid, set_gid)) {
+ log_fatal ("Can't chown new lease file: %m");
+ }
+ }
+#endif /* PARANOIA */
+
 if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
 log_error("Can't fdopen new lease file: %m");
 close(db_fd);
diff --git a/server/dhcpd.8 b/server/dhcpd.8
index f4b13dc..8cf756a 100644
--- a/server/dhcpd.8
+++ b/server/dhcpd.8
@@ -78,6 +78,18 @@ dhcpd - Dynamic Host Configuration Protocol Server
 .B --no-pid
 ]
 [
+.B -user
+.I user
+]
+[
+.B -group
+.I group
+]
+[
+.B -chroot
+.I dir
+]
+[
 .B -tf
 .I trace-output-file
 ]
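Review bot: The fchown on the freshly created lease file is skipped unless both -user and -group were given and the process's effective gid is also 0, so a partial privilege drop (only `-user`, or only `-group`) or a root process started with a non-zero primary group leaves the file root-owned, and the later manipulation the comment refers to will then fail with EPERM once privileges are dropped. Only the effective uid matters for a root fchown, and chown accepts -1 for an id that should be left alone, so I would write the guard as `if (geteuid() == 0 && (set_uid != 0 || set_gid != 0)) {` and the call as `if (fchown(db_fd, set_uid ? set_uid : (uid_t)-1, set_gid ? set_gid : (gid_t)-1)) {`. This path also calls log_fatal where every other failure in the visible part of this function logs and returns 0; if that is deliberate because the server must not run with a lease file it cannot later rewrite, a one-line comment saying so would make the asymmetry intentional rather than accidental. new_lease_file's body starts and continues outside the hunk.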
@@ -249,6 +261,26 @@ for correct syntax, but will not attempt to perform any network
 operations. This can be used to test a new lease file automatically before installing it.
 .TP
+.BI \-user \ user
+Setuid to user after completing privileged operations,
+such as creating sockets that listen on privileged ports.
+This option is only available if the code was compiled
+with the PARANOIA patch (./configure --enable-paranoia).
+.TP
+.BI \-group \ group
+Setgid to group after completing privileged operations,
+such as creating sockets that listen on privileged ports.
+This option is only available if the code was compiled
+with the PARANOIA patch (./configure --enable-paranoia).
+.TP
+.BI \-chroot \ dir
+Chroot to directory. This may occur before or after
+reading the configuration files depending on whether
+the code was compiled with the EARLY_CHROOT option
+enabled (./configure --enable-early-chroot).
+This option is only available if the code was compiled
+with the PARANOIA patch (./configure --enable-paranoia).
+.TP
 .BI \-tf \ tracefile
 Specify a file into which the entire startup state of the server and all the transactions it processes are logged. This can be
diff --git a/server/dhcpd.c b/server/dhcpd.c
index ebb6d3e..ca50178 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -50,6 +50,10 @@ static const char url [] =
 # define group real_group
 # include
 # undef group
+
+/* global values so db.c can look at them */
+uid_t set_uid = 0;
+gid_t set_gid = 0;
 #endif /* PARANOIA */
 #ifndef UNIT_TEST
@@ -180,9 +184,6 @@ main(int argc, char **argv) {
 char *set_user = 0;
 char *set_group = 0;
 char *set_chroot = 0;
-
- uid_t set_uid = 0;
- gid_t set_gid = 0;
 #endif /* PARANOIA */
 /* Make sure that file descriptors 0 (stdin), 1, (stdout), and