Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 164245 Details for
Bug 205214
net-misc/dhcp-4.0 version bump
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
dhcp-4.0-paranoia.patch
dhcp-4.0-paranoia.patch (text/plain), 4.13 KB, created by
Tony Vroon (RETIRED)
on 2008-09-01 13:54:10 UTC
(
hide
)
Description:
dhcp-4.0-paranoia.patch
Filename:
MIME Type:
Creator:
Tony Vroon (RETIRED)
Created:
2008-09-01 13:54:10 UTC
Size:
4.13 KB
patch
obsolete
>diff -uNr dhcp-4.0.0.ORIG/server/dhcpd.c dhcp-4.0.0/server/dhcpd.c >--- dhcp-4.0.0.ORIG/server/dhcpd.c 2008-09-01 11:28:30.000000000 +0100 >+++ dhcp-4.0.0/server/dhcpd.c 2008-09-01 11:35:31.000000000 +0100 >@@ -46,6 +46,16 @@ > #include <sys/types.h> > #include <signal.h> > >+#if defined (PARANOIA) >+# include <sys/types.h> >+# include <unistd.h> >+# include <pwd.h> >+/* get around the ISC declaration of group */ >+# define group real_group >+# include <grp.h> >+# undef group >+#endif /* PARANOIA */ >+ > static void usage(void); > > struct iaddr server_identifier; >@@ -192,6 +202,21 @@ > omapi_object_dereference (&listener, MDL); > } > >+#if defined (PARANOIA) >+/* to be used in one of two possible scenarios */ >+static void setup_chroot (char *chroot_dir) { >+ if (geteuid()) >+ log_fatal ("you must be root to use chroot"); >+ if (chroot(chroot_dir)) { >+ log_fatal ("chroot(\"%s\"): %m", chroot_dir); >+ } >+ if (chdir ("/")) { >+ /* probably permission denied */ >+ log_fatal ("chdir(\"/\"): %m"); >+ } >+} >+#endif /* PARANOIA */ >+ > #ifndef UNIT_TEST > int > main(int argc, char **argv) { >@@ -221,6 +246,14 @@ > char *traceinfile = (char *)0; > char *traceoutfile = (char *)0; > #endif >+#if defined (PARANOIA) >+ char *set_user = 0; >+ char *set_group = 0; >+ char *set_chroot = 0; >+ >+ uid_t set_uid = 0; >+ gid_t set_gid = 0; >+#endif /* PARANOIA */ > > /* Make sure that file descriptors 0 (stdin), 1, (stdout), and > 2 (stderr) are open. To do this, we assume that when we >@@ -281,6 +314,20 @@ > if (++i == argc) > usage (); > server = argv [i]; >+#if defined (PARANOIA) >+ } else if (!strcmp (argv [i], "-user")) { >+ if (++i == argc) >+ usage (); >+ set_user = argv [i]; >+ } else if (!strcmp (argv [i], "-group")) { >+ if (++i == argc) >+ usage (); >+ set_group = argv [i]; >+ } else if (!strcmp (argv [i], "-chroot")) { >+ if (++i == argc) >+ usage (); >+ set_chroot = argv [i]; >+#endif /* PARANOIA */ > } else if (!strcmp (argv [i], "-cf")) { > if (++i == argc) > usage (); >@@ -434,6 +481,44 @@ > trace_seed_stop, MDL); > #endif > >+#if defined (PARANOIA) >+ /* get user and group info if those options were given */ >+ if (set_user) { >+ struct passwd *tmp_pwd; >+ >+ if (geteuid()) >+ log_fatal ("you must be root to set user"); >+ >+ if (!(tmp_pwd = getpwnam(set_user))) >+ log_fatal ("no such user: %s", set_user); >+ >+ set_uid = tmp_pwd->pw_uid; >+ >+ /* use the user's group as the default gid */ >+ if (!set_group) >+ set_gid = tmp_pwd->pw_gid; >+ } >+ >+ if (set_group) { >+/* get around the ISC declaration of group */ >+#define group real_group >+ struct group *tmp_grp; >+ >+ if (geteuid()) >+ log_fatal ("you must be root to set group"); >+ >+ if (!(tmp_grp = getgrnam(set_group))) >+ log_fatal ("no such group: %s", set_group); >+ >+ set_gid = tmp_grp->gr_gid; >+#undef group >+ } >+ >+# if defined (EARLY_CHROOT) >+ if (set_chroot) setup_chroot (set_chroot); >+# endif /* EARLY_CHROOT */ >+#endif /* PARANOIA */ >+ > /* Default to the DHCP/BOOTP port. */ > if (!local_port) > { >@@ -572,6 +657,10 @@ > > postconf_initialization (quiet); > >+#if defined (PARANOIA) && !defined (EARLY_CHROOT) >+ if (set_chroot) setup_chroot (set_chroot); >+#endif /* PARANOIA && !EARLY_CHROOT */ >+ > /* test option should cause an early exit */ > if (cftest && !lftest) > exit(0); >@@ -655,6 +744,22 @@ > exit (0); > } > >+#if defined (PARANOIA) >+ /* change uid to the specified one */ >+ >+ if (set_gid) { >+ if (setgroups (0, (void *)0)) >+ log_fatal ("setgroups: %m"); >+ if (setgid (set_gid)) >+ log_fatal ("setgid(%d): %m", (int) set_gid); >+ } >+ >+ if (set_uid) { >+ if (setuid (set_uid)) >+ log_fatal ("setuid(%d): %m", (int) set_uid); >+ } >+#endif /* PARANOIA */ >+ > /* Read previous pid file. */ > if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { > status = read(i, pbuf, (sizeof pbuf) - 1); >@@ -1035,6 +1140,10 @@ > #else /* !DHCPv6 */ > " [-cf config-file] [-lf lease-file]\n" > #endif /* DHCPv6 */ >+#if defined (PARANOIA) >+ /* meld into the following string */ >+ "\n [-user user] [-group group] [-chroot dir]" >+#endif /* PARANOIA */ > #if defined (TRACING) > " [-tf trace-output-file]\n" > " [-play trace-input-file]\n"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=164245">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 205214
:
150152
|
164239
|
164240
|
164242
|
164243
| 164245
