dhcp/dhcp-paranoia.patch
2015-07-02 11:32:30 +02:00

119 lines
3.3 KiB
Diff

diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 378459b..e7ed5a3 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2033,6 +2033,11 @@ extern const char *path_dhcpd_pid;
extern int dhcp_max_agent_option_packet_length;
extern struct eventqueue *rw_queue_empty;
+#if defined (PARANOIA)
+extern uid_t set_uid;
+extern gid_t set_gid;
+#endif
+
int main(int, char **);
void postconf_initialization(int);
void postdb_startup(void);
diff --git a/server/db.c b/server/db.c
index d4d42fe..5238ed8 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1125,6 +1125,22 @@ int new_lease_file ()
log_error ("Can't create new lease file: %m");
return 0;
}
+
+#if defined (PARANOIA)
+ /*
+ * If we are currently root and plan to change the
+ * uid and gid change the file information so we
+ * can manipulate it later, after we've changed
+ * our group and user (that is dropped privileges.)
+ */
+ if ((set_uid != 0) && (geteuid() == 0) &&
+ (set_gid != 0) && (getegid() == 0)) {
+ if (fchown(db_fd, set_uid, set_gid)) {
+ log_fatal ("Can't chown new lease file: %m");
+ }
+ }
+#endif /* PARANOIA */
+
if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
log_error("Can't fdopen new lease file: %m");
close(db_fd);
diff --git a/server/dhcpd.8 b/server/dhcpd.8
index f4b13dc..8cf756a 100644
--- a/server/dhcpd.8
+++ b/server/dhcpd.8
@@ -78,6 +78,18 @@ dhcpd - Dynamic Host Configuration Protocol Server
.B --no-pid
]
[
+.B -user
+.I user
+]
+[
+.B -group
+.I group
+]
+[
+.B -chroot
+.I dir
+]
+[
.B -tf
.I trace-output-file
]
@@ -249,6 +261,26 @@ for correct syntax, but will not attempt to perform any network
operations. This can be used to test a new lease file
automatically before installing it.
.TP
+.BI \-user \ user
+Setuid to user after completing privileged operations,
+such as creating sockets that listen on privileged ports.
+This option is only available if the code was compiled
+with the PARANOIA patch (./configure --enable-paranoia).
+.TP
+.BI \-group \ group
+Setgid to group after completing privileged operations,
+such as creating sockets that listen on privileged ports.
+This option is only available if the code was compiled
+with the PARANOIA patch (./configure --enable-paranoia).
+.TP
+.BI \-chroot \ dir
+Chroot to directory. This may occur before or after
+reading the configuration files depending on whether
+the code was compiled with the EARLY_CHROOT option
+enabled (./configure --enable-early-chroot).
+This option is only available if the code was compiled
+with the PARANOIA patch (./configure --enable-paranoia).
+.TP
.BI \-tf \ tracefile
Specify a file into which the entire startup state of the server and
all the transactions it processes are logged. This can be
diff --git a/server/dhcpd.c b/server/dhcpd.c
index ebb6d3e..ca50178 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -50,6 +50,10 @@ static const char url [] =
# define group real_group
# include <grp.h>
# undef group
+
+/* global values so db.c can look at them */
+uid_t set_uid = 0;
+gid_t set_gid = 0;
#endif /* PARANOIA */
#ifndef UNIT_TEST
@@ -180,9 +184,6 @@ main(int argc, char **argv) {
char *set_user = 0;
char *set_group = 0;
char *set_chroot = 0;
-
- uid_t set_uid = 0;
- gid_t set_gid = 0;
#endif /* PARANOIA */
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and