From: Shawn Routhier Date: Wed, 15 Jul 2015 21:24:07 +0000 (-0700) Subject: [v4_1_esv] Add fchown to the paranoia patch X-Git-Tag: v4_1_esv_r12b1~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=76b3f18bde8324333a923514542f04fc2a7fc0db;p=thirdparty%2Fdhcp.git [v4_1_esv] Add fchown to the paranoia patch Add code to fchown the lease file to the paranoia patch to avoid having issues with a file that the server can't manipulate. --- diff --git a/RELNOTES b/RELNOTES index 971ba0722..2a1055649 100644 --- a/RELNOTES +++ b/RELNOTES @@ -125,7 +125,13 @@ by Eric Young (eay@cryptsoft.com). with the next entry in the lease file. [ISC-Bugs #39314] +- Enhance the PARANOIA patch to include fchown() the lease file to + allow it to be manipulated after the server does a chown(). + Thanks to Jiri Popelka at Red Hat for the patch. + [ISC-Bugs #36978] + Changes since 4.1-ESV-R11rc2 + - None Changes since 4.1-ESV-R11rc1 diff --git a/includes/dhcpd.h b/includes/dhcpd.h index 819c1c3cb..1f0b67c83 100644 --- a/includes/dhcpd.h +++ b/includes/dhcpd.h @@ -1689,6 +1689,11 @@ extern const char *path_dhcpd_pid; extern int dhcp_max_agent_option_packet_length; extern struct eventqueue *rw_queue_empty; +#if defined (PARANOIA) +extern uid_t set_uid; +extern gid_t set_gid; +#endif + int main(int, char **); void postconf_initialization(int); void postdb_startup(void); diff --git a/server/db.c b/server/db.c index 7186cb571..1de4867c3 100644 --- a/server/db.c +++ b/server/db.c 
@@ -1086,6 +1086,22 @@ int new_lease_file ()
 log_error ("Can't create new lease file: %m");
 return 0;
 }
+
+#if defined (PARANOIA)
+ /*
+ * If we are currently root and plan to change the
+ * uid and gid change the file information so we
+ * can manipulate it later, after we've changed
+ * our group and user (that is dropped privileges.)
+ */
+ if ((set_uid != 0) && (geteuid() == 0) &&
+ (set_gid != 0) && (getegid() == 0)) {
+ if (fchown(db_fd, set_uid, set_gid)) {
+ log_fatal ("Can't chown new lease file: %m");
+ }
+ }
+#endif /* PARANOIA */
+
 if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
 log_error("Can't fdopen new lease file: %m");
 close(db_fd);
diff --git a/server/dhcpd.8 b/server/dhcpd.8
index a3e93bbcc..28687257e 100644
--- a/server/dhcpd.8
+++ b/server/dhcpd.8
@@ -78,6 +78,18 @@ dhcpd - Dynamic Host Configuration Protocol Server
 .B --no-pid
 ]
 [
+.B -user
+.I user
+]
+[
+.B -group
+.I group
+]
+[
+.B -chroot
+.I dir
+]
+[
 .B -tf
 .I trace-output-file
 ]
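Review bot: In the server/db.c hunk (new_lease_file), the guard `(set_uid != 0) && (geteuid() == 0) && (set_gid != 0) && (getegid() == 0)` runs fchown() only when both ids are non-zero, yet the dhcpd.8 text added in this same commit says `-group` on its own makes the lease file use that group. If set_uid can stay 0 when only `-group` is given (it is initialised to 0 in dhcpd.c; the assignments are outside the visible hunks), the file keeps its original group, contrary to the documented behaviour. Consider handling each id independently, e.g. `if ((geteuid() == 0) && ((set_uid != 0) || (set_gid != 0))) {` with `fchown(db_fd, set_uid ? set_uid : (uid_t)-1, set_gid ? set_gid : (gid_t)-1)`, since POSIX leaves an id unchanged when it is passed as -1. A failure here calls log_fatal while the neighbouring open/fdopen failures use log_error and return 0, so a short comment saying why this one is fatal would help. The function body starts and ends outside the hunk.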
@@ -249,6 +261,28 @@ for correct syntax, but will not attempt to perform any network operations. This can be used to test a new lease file automatically before installing it. .TP +.BI \-user \ user +Setuid to user after completing privileged operations, +such as creating sockets that listen on privileged ports. +This also causes the lease file to be owned by user. +This option is only available if the code was compiled +with the PARANOIA patch (./configure --enable-paranoia). +.TP +.BI \-group \ group +Setgid to group after completing privileged operations, +such as creating sockets that listen on privileged ports. +This also causes the lease file to use group. +This option is only available if the code was compiled +with the PARANOIA patch (./configure --enable-paranoia). +.TP +.BI \-chroot \ dir +Chroot to directory. This may occur before or after +reading the configuration files depending on whether +the code was compiled with the EARLY_CHROOT option +enabled (./configure --enable-early-chroot). +This option is only available if the code was compiled +with the PARANOIA patch (./configure --enable-paranoia). +.TP .BI \-tf \ tracefile Specify a file into which the entire startup state of the server and all the transactions it processes are logged. This can be diff --git a/server/dhcpd.c b/server/dhcpd.c index d0ebbf824..7d217c686 100644 --- a/server/dhcpd.c +++ b/server/dhcpd.c @@ -50,6 +50,10 @@ static const char url [] = # define group real_group # include # undef group + +/* global values so db.c can look at them */ +uid_t set_uid = 0; +gid_t set_gid = 0; #endif /* PARANOIA */ #ifndef UNIT_TEST 
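Review bot: The comment on the new globals in server/dhcpd.c, `/* global values so db.c can look at them */`, does not state the contract db.c relies on: that 0 means no `-user`/`-group` was requested, and that main() has to assign both before the first new_lease_file() call for the fchown() to take effect. I would expand it to something like `/* uid/gid to drop to (0 = not requested); must be set before the lease file is first created, db.c fchown()s to them */`. The ordering requirement is inferred from the db.c hunk; the assignments in main() are outside the visible hunks. Now that they have external linkage, the short names `set_uid`/`set_gid` also read very close to setuid()/setgid(), so a more specific prefix may be worth considering.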
@@ -204,6 +208,12 @@ static void omapi_listener_start (void *foo) omapi_object_dereference (&listener, MDL); } +#ifndef UNIT_TEST + +/* Note: If we add unit tests to test setup_chroot it will + * need to be moved to be outside the ifndef UNIT_TEST block. + */ + #if defined (PARANOIA) /* to be used in one of two possible scenarios */ static void setup_chroot (char *chroot_dir) { @@ -220,7 +230,6 @@ static void setup_chroot (char *chroot_dir) { } #endif /* PARANOIA */ -#ifndef UNIT_TEST int main(int argc, char **argv) { int fd; @@ -256,9 +265,6 @@ main(int argc, char **argv) { char *set_user = 0; char *set_group = 0; char *set_chroot = 0; - - uid_t set_uid = 0; - gid_t set_gid = 0; #endif /* PARANOIA */ /* Make sure that file descriptors 0 (stdin), 1, (stdout), and