1 diff -up dhcp-4.2.5/client/dhclient.c.paranoia dhcp-4.2.5/client/dhclient.c
2 --- dhcp-4.2.5/client/dhclient.c.paranoia 2013-03-26 13:14:50.574542083 +0100
3 +++ dhcp-4.2.5/client/dhclient.c 2013-03-26 13:14:50.584541964 +0100
4 @@ -1698,11 +1698,6 @@ int write_host (host)
8 -void db_startup (testp)
14 struct packet *packet;
16 diff -up dhcp-4.2.5/includes/dhcpd.h.paranoia dhcp-4.2.5/includes/dhcpd.h
17 --- dhcp-4.2.5/includes/dhcpd.h.paranoia 2013-03-26 13:14:50.576542059 +0100
18 +++ dhcp-4.2.5/includes/dhcpd.h 2013-03-26 13:14:50.585541952 +0100
19 @@ -2798,7 +2798,11 @@ void commit_leases_timeout (void *);
20 void commit_leases_readerdry(void *);
21 int commit_leases (void);
22 int commit_leases_timed (void);
23 +#if defined (PARANOIA)
24 +void db_startup (int, uid_t, gid_t);
26 void db_startup (int);
27 +#endif /* PARANOIA */
28 int new_lease_file (void);
29 int group_writer (struct group_object *);
30 int write_ia(const struct ia_xx *);
31 diff -up dhcp-4.2.5/server/confpars.c.paranoia dhcp-4.2.5/server/confpars.c
32 --- dhcp-4.2.5/server/confpars.c.paranoia 2013-03-26 13:14:50.522542705 +0100
33 +++ dhcp-4.2.5/server/confpars.c 2013-03-26 13:14:50.587541928 +0100
34 @@ -224,7 +224,11 @@ void trace_conf_input (trace_type_t *tty
37 if (!leaseconf_initialized && ttype == trace_readleases_type) {
38 +#if defined (PARANOIA)
39 + db_startup (0, 0, 0);
42 +#endif /* PARANOIA */
43 leaseconf_initialized = 1;
46 diff -up dhcp-4.2.5/server/db.c.paranoia dhcp-4.2.5/server/db.c
47 --- dhcp-4.2.5/server/db.c.paranoia 2013-03-26 13:14:50.522542705 +0100
48 +++ dhcp-4.2.5/server/db.c 2013-03-26 13:14:50.588541916 +0100
49 @@ -47,6 +47,10 @@ static int counting = 0;
52 int lease_file_is_corrupt = 0;
53 +#if defined (PARANOIA)
54 +uid_t global_set_uid = 0;
55 +gid_t global_set_gid = 0;
56 +#endif /* PARANOIA */
58 /* Write a single binding scope value in parsable format.
60 @@ -1026,8 +1030,11 @@ int commit_leases_timed()
64 -void db_startup (testp)
66 +#if defined (PARANOIA)
67 +void db_startup (int testp, uid_t set_uid, gid_t set_gid)
69 +void db_startup (int testp)
70 +#endif /* PARANOIA */
74 @@ -1046,6 +1053,11 @@ void db_startup (testp)
78 +#if defined (PARANOIA)
79 + global_set_uid = set_uid;
80 + global_set_gid = set_gid;
81 +#endif /* PARANOIA */
84 /* If we're playing back, there is no lease file, so we can't
85 append it, so we create one immediately (maybe this isn't
86 @@ -1108,6 +1120,17 @@ int new_lease_file ()
87 log_error ("Can't create new lease file: %m");
91 +#if defined (PARANOIA)
92 + if (global_set_uid && !geteuid() &&
93 + global_set_gid && !getegid())
94 + if (fchown(db_fd, global_set_uid, global_set_gid)) {
95 + log_fatal ("Can't chown new lease file: %m");
99 +#endif /* PARANOIA */
101 if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
102 log_error("Can't fdopen new lease file: %m");
104 diff -up dhcp-4.2.5/server/dhcpd.8.paranoia dhcp-4.2.5/server/dhcpd.8
105 --- dhcp-4.2.5/server/dhcpd.8.paranoia 2013-01-03 01:02:25.000000000 +0100
106 +++ dhcp-4.2.5/server/dhcpd.8 2013-03-26 13:28:16.576604471 +0100
107 @@ -82,6 +82,18 @@ dhcpd - Dynamic Host Configuration Proto
124 .I trace-playback-file
126 @@ -269,6 +281,15 @@ lease file.
129 Print version number and exit.
132 +Setuid to user after completing privileged operations, such as creating sockets that listen on privileged ports.
135 +Setgid to group after completing privileged operations, such as creating sockets that listen on privileged ports.
138 +Chroot to directory after processing the command line arguments, but before reading the configuration file.
140 .I Modifying default file locations:
141 The following options can be used to modify the locations
142 diff -up dhcp-4.2.5/server/dhcpd.c.paranoia dhcp-4.2.5/server/dhcpd.c
143 --- dhcp-4.2.5/server/dhcpd.c.paranoia 2013-03-26 13:14:50.523542693 +0100
144 +++ dhcp-4.2.5/server/dhcpd.c 2013-03-26 13:14:50.589541904 +0100
145 @@ -702,7 +702,11 @@ main(int argc, char **argv) {
146 group_write_hook = group_writer;
148 /* Start up the database... */
149 +#if defined (PARANOIA)
150 + db_startup (lftest, set_uid, set_gid);
153 +#endif /* PARANOIA */
157 @@ -773,22 +777,6 @@ main(int argc, char **argv) {
161 -#if defined (PARANOIA)
162 - /* change uid to the specified one */
165 - if (setgroups (0, (void *)0))
166 - log_fatal ("setgroups: %m");
167 - if (setgid (set_gid))
168 - log_fatal ("setgid(%d): %m", (int) set_gid);
172 - if (setuid (set_uid))
173 - log_fatal ("setuid(%d): %m", (int) set_uid);
175 -#endif /* PARANOIA */
178 * Deal with pid files. If the user told us
179 * not to write a file we don't read one either
180 @@ -825,6 +813,22 @@ main(int argc, char **argv) {
184 +#if defined (PARANOIA)
185 + /* change uid to the specified one */
188 + if (setgroups (0, (void *)0))
189 + log_fatal ("setgroups: %m");
190 + if (setgid (set_gid))
191 + log_fatal ("setgid(%d): %m", (int) set_gid);
195 + if (setuid (set_uid))
196 + log_fatal ("setuid(%d): %m", (int) set_uid);
198 +#endif /* PARANOIA */
200 /* If we were requested to log to stdout on the command line,
201 keep doing so; otherwise, stop. */
202 if (log_perror == -1)