OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2530 Commits
1 Branch
0 Tags
34 MiB
Tree: 4a9f947b5b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4a9f947b5b'
${ noResults }
rocklinux/package/base/dhcp/dhcp-3.0+paranoia.patch

233 lines
6.3 KiB
Raw Normal View History

hm git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@946 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
21 years ago
  1. # --- ROCK-COPYRIGHT-NOTE-BEGIN ---
  2. #
  3. # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
  4. # Please add additional copyright information _after_ the line containing
  5. # the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by
  6. # the ./scripts/Create-CopyPatch script. Do not edit this copyright text!
  7. #
  8. # ROCK Linux: rock-src/package/base/dhcp/dhcp-3.0+paranoia.patch
  9. # ROCK Linux is Copyright (C) 1998 - 2003 Clifford Wolf
  10. #
  11. # This program is free software; you can redistribute it and/or modify
  12. # it under the terms of the GNU General Public License as published by
  13. # the Free Software Foundation; either version 2 of the License, or
  14. # (at your option) any later version. A copy of the GNU General Public
  15. # License can be found at Documentation/COPYING.
  16. #
  17. # Many people helped and are helping developing ROCK Linux. Please
  18. # have a look at http://www.rocklinux.org/ and the Documentation/TEAM
  19. # file for details.
  20. #
  21. # --- ROCK-COPYRIGHT-NOTE-END ---
  23. borrowed from ari edelkind's site
  24. http://www.episec.com/people/edelkind/patches/dhcp/dhcp-3.0+paranoia.patch
  26. ---
  28. paranoia (non-root/chroot) patch for ISC dhcp 3.0
  29. file to patch: dhcp-3.0/server/dhcpd.c
  31. update from paranoia patch for ISC dhcp 2.0
  33. Adds 3 options:
  35. -user <user>
  36. -group <group>
  37. -chroot <chroot_dir>
  39. Notes:
  40. -DPARANOIA must be passed as an argument to the --copts option
  41. of configure. Otherwise, the paranoia code will not be compiled
  42. in. Example: ./configure --copts -DPARANOIA
  44. The chroot() call has been delayed in order to allow /dev/log to
  45. be reopened after the configuration file has been read. This is
  46. beneficial for systems on which /dev/log is a unix domain socket.
  47. The main side effect is that dhcpd.conf should be placed in /etc,
  48. instead of <chroot_dir>/etc.
  50. If dhcpd is to be run on a sysV-style architecture (or, more
  51. generally, if /dev/log is a character device), one may opt to
  52. create the <chroot_dir>/dev/log character device and add
  53. -DEARLY_CHROOT to the --copts option of configure (in addition to
  54. -DPARANOIA). This will perform the chroot() call at the earliest
  55. convenience (before reading the configuration file).
  57. If the -user option is used, the lease and pid file directories
  58. should be writable to the server process after it drops
  59. privileges.
  62. ari edelkind (12/10/2001)
  63. last modified 12/10/2001
  66. --- dhcp-3.0/server/dhcpd.c Thu Jun 21 22:12:58 2001
  67. +++ dhcp-3.0+paranoia/server/dhcpd.c Wed Oct 17 08:23:00 2001
  68. @@ -56,6 +56,16 @@
  69. #include "version.h"
  70. #include <omapip/omapip_p.h>
  72. +#if defined (PARANOIA)
  73. +# include <sys/types.h>
  74. +# include <unistd.h>
  75. +# include <pwd.h>
  76. +/* get around the ISC declaration of group */
  77. +# define group real_group
  78. +# include <grp.h>
  79. +# undef group
  80. +#endif /* PARANOIA */
  81. +
  82. static void usage PROTO ((void));
  84. TIME cur_time;
  85. @@ -204,6 +214,22 @@
  86. omapi_object_dereference (&listener, MDL);
  87. }
  89. +#if defined (PARANOIA)
  90. +/* to be used in one of two possible scenarios */
  91. +static void setup_chroot (char *chroot_dir) {
  92. + if (geteuid())
  93. + log_fatal ("you must be root to use chroot");
  94. +
  95. + if (chroot(chroot_dir)) {
  96. + log_fatal ("chroot(\"%s\"): %m", chroot_dir);
  97. + }
  98. + if (chdir ("/")) {
  99. + /* probably permission denied */
  100. + log_fatal ("chdir(\"/\"): %m");
  101. + }
  102. +}
  103. +#endif /* PARANOIA */
  104. +
  105. int main (argc, argv, envp)
  106. int argc;
  107. char **argv, **envp;
  108. @@ -236,6 +262,14 @@
  109. char *traceinfile = (char *)0;
  110. char *traceoutfile = (char *)0;
  111. #endif
  112. +#if defined (PARANOIA)
  113. + char *set_user = 0;
  114. + char *set_group = 0;
  115. + char *set_chroot = 0;
  116. +
  117. + uid_t set_uid = 0;
  118. + gid_t set_gid = 0;
  119. +#endif /* PARANOIA */
  121. /* Make sure we have stdin, stdout and stderr. */
  122. status = open ("/dev/null", O_RDWR);
  123. @@ -298,6 +332,20 @@
  124. if (++i == argc)
  125. usage ();
  126. server = argv [i];
  127. +#if defined (PARANOIA)
  128. + } else if (!strcmp (argv [i], "-user")) {
  129. + if (++i == argc)
  130. + usage ();
  131. + set_user = argv [i];
  132. + } else if (!strcmp (argv [i], "-group")) {
  133. + if (++i == argc)
  134. + usage ();
  135. + set_group = argv [i];
  136. + } else if (!strcmp (argv [i], "-chroot")) {
  137. + if (++i == argc)
  138. + usage ();
  139. + set_chroot = argv [i];
  140. +#endif /* PARANOIA */
  141. } else if (!strcmp (argv [i], "-cf")) {
  142. if (++i == argc)
  143. usage ();
  144. @@ -397,6 +445,44 @@
  145. trace_seed_stop, MDL);
  146. #endif
  148. +#if defined (PARANOIA)
  149. + /* get user and group info if those options were given */
  150. + if (set_user) {
  151. + struct passwd *tmp_pwd;
  152. +
  153. + if (geteuid())
  154. + log_fatal ("you must be root to set user");
  155. +
  156. + if (!(tmp_pwd = getpwnam(set_user)))
  157. + log_fatal ("no such user: %s", set_user);
  158. +
  159. + set_uid = tmp_pwd->pw_uid;
  160. +
  161. + /* use the user's group as the default gid */
  162. + if (!set_group)
  163. + set_gid = tmp_pwd->pw_gid;
  164. + }
  165. +
  166. + if (set_group) {
  167. +/* get around the ISC declaration of group */
  168. +#define group real_group
  169. + struct group *tmp_grp;
  170. +
  171. + if (geteuid())
  172. + log_fatal ("you must be root to set group");
  173. +
  174. + if (!(tmp_grp = getgrnam(set_group)))
  175. + log_fatal ("no such group: %s", set_group);
  176. +
  177. + set_gid = tmp_grp->gr_gid;
  178. +#undef group
  179. + }
  180. +
  181. +# if defined (EARLY_CHROOT)
  182. + if (set_chroot) setup_chroot (set_chroot);
  183. +# endif /* EARLY_CHROOT */
  184. +#endif /* PARANOIA */
  185. +
  186. /* Default to the DHCP/BOOTP port. */
  187. if (!local_port)
  188. {
  189. @@ -500,6 +586,10 @@
  191. postconf_initialization (quiet);
  193. +#if defined (PARANOIA) && !defined (EARLY_CHROOT)
  194. + if (set_chroot) setup_chroot (set_chroot);
  195. +#endif /* PARANOIA && !EARLY_CHROOT */
  196. +
  197. /* test option should cause an early exit */
  198. if (cftest && !lftest)
  199. exit(0);
  200. @@ -543,6 +633,22 @@
  201. exit (0);
  202. }
  204. +#if defined (PARANOIA)
  205. + /* change uid to the specified one */
  206. +
  207. + if (set_gid) {
  208. + if (setgroups (0, (void *)0))
  209. + log_fatal ("setgroups: %m");
  210. + if (setgid (set_gid))
  211. + log_fatal ("setgid(%d): %m", (int) set_gid);
  212. + }
  213. +
  214. + if (set_uid) {
  215. + if (setuid (set_uid))
  216. + log_fatal ("setuid(%d): %m", (int) set_uid);
  217. + }
  218. +#endif /* PARANOIA */
  219. +
  220. /* Read previous pid file. */
  221. if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
  222. status = read (i, pbuf, (sizeof pbuf) - 1);
  223. @@ -888,6 +994,10 @@
  225. log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",
  226. "\n [-cf config-file] [-lf lease-file]",
  227. +#if defined (PARANOIA)
  228. + /* meld into the following string */
  229. + "\n [-user user] [-group group] [-chroot dir]"
  230. +#endif /* PARANOIA */
  231. #if defined (TRACING)
  232. "\n [-tf trace-output-file]",
  233. "\n [-play trace-input-file]",