[dhcp/f16] Write lease file AFTER changing of the effective user/group ID.
Jiří Popelka
jpopelka at fedoraproject.org
Wed Oct 26 18:17:47 UTC 2011
commit 186ec91feb2703a1c1d21ef06158e2124e44752f
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Wed Oct 26 19:40:23 2011 +0200
Write lease file AFTER changing of the effective user/group ID.
dhcp-4.2.2-paranoia-pid.patch | 49 ------------------
dhcp-4.2.3-paranoia.patch | 110 +++++++++++++++++++++++++++++++++++++++++
dhcp.spec | 18 ++++---
3 files changed, 120 insertions(+), 57 deletions(-)
---
diff --git a/dhcp-4.2.3-paranoia.patch b/dhcp-4.2.3-paranoia.patch
new file mode 100644
index 0000000..4139ce9
--- /dev/null
+++ b/dhcp-4.2.3-paranoia.patch
@@ -0,0 +1,110 @@
+diff -up dhcp-4.2.3/server/dhcpd.c.paranoia dhcp-4.2.3/server/dhcpd.c
+--- dhcp-4.2.3/server/dhcpd.c.paranoia 2011-10-26 19:10:08.162925489 +0200
++++ dhcp-4.2.3/server/dhcpd.c 2011-10-26 19:12:34.541095509 +0200
+@@ -699,11 +699,11 @@ main(int argc, char **argv) {
+
+ group_write_hook = group_writer;
+
+- /* Start up the database... */
+- db_startup (lftest);
+-
+- if (lftest)
++ if (lftest) {
++ /* Start up the database... */
++ db_startup (lftest);
+ exit (0);
++ }
+
+ /* Discover all the network interfaces and initialize them. */
+ discover_interfaces(DISCOVER_SERVER);
+@@ -743,24 +743,6 @@ main(int argc, char **argv) {
+ #if defined (TRACING)
+ trace_seed_stash (trace_srandom, seed + cur_time);
+ #endif
+- postdb_startup ();
+-
+-#ifdef DHCPv6
+- /*
+- * Set server DHCPv6 identifier.
+- * See dhcpv6.c for discussion of setting DUID.
+- */
+- if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+- write_server_duid();
+- } else {
+- if (!server_duid_isset()) {
+- if (generate_new_server_duid() != ISC_R_SUCCESS) {
+- log_fatal("Unable to set server identifier.");
+- }
+- write_server_duid();
+- }
+- }
+-#endif /* DHCPv6 */
+
+ #ifndef DEBUG
+ if (daemon) {
+@@ -771,22 +753,6 @@ main(int argc, char **argv) {
+ exit (0);
+ }
+
+-#if defined (PARANOIA)
+- /* change uid to the specified one */
+-
+- if (set_gid) {
+- if (setgroups (0, (void *)0))
+- log_fatal ("setgroups: %m");
+- if (setgid (set_gid))
+- log_fatal ("setgid(%d): %m", (int) set_gid);
+- }
+-
+- if (set_uid) {
+- if (setuid (set_uid))
+- log_fatal ("setuid(%d): %m", (int) set_uid);
+- }
+-#endif /* PARANOIA */
+-
+ /*
+ * Deal with pid files. If the user told us
+ * not to write a file we don't read one either
+@@ -823,6 +789,42 @@ main(int argc, char **argv) {
+ }
+ }
+
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
++ db_startup(lftest);
++ postdb_startup ();
++
++#ifdef DHCPv6
++ /*
++ * Set server DHCPv6 identifier.
++ * See dhcpv6.c for discussion of setting DUID.
++ */
++ if (set_server_duid_from_option() == ISC_R_SUCCESS) {
++ write_server_duid();
++ } else {
++ if (!server_duid_isset()) {
++ if (generate_new_server_duid() != ISC_R_SUCCESS) {
++ log_fatal("Unable to set server identifier.");
++ }
++ write_server_duid();
++ }
++ }
++#endif /* DHCPv6 */
++
+ /* If we were requested to log to stdout on the command line,
+ keep doing so; otherwise, stop. */
+ if (log_perror == -1)
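Review bot: With `db_startup(lftest)` and `write_server_duid()` moved below the PARANOIA block, the lease file is now opened and rewritten by the unprivileged uid/gid. Judging by the `if (daemon) { ... exit (0); }` context earlier in the patch, this also happens after the parent has already returned success. A lease file or directory still owned by root from an earlier install would then presumably make the child fail inside `db_startup` with only a log entry, while the service start reports success. None of the visible spec hunks changes ownership of existing lease files on upgrade, so that needs checking. The ordering also deserves a comment above the call, e.g. `/* Open the lease db only after dropping privileges so it is created and rewritten as set_uid/set_gid. */`. Separately, `setgroups (0, (void *)0)` sits inside `if (set_gid)`, so if option parsing (outside this hunk) can set a uid without a gid, the process would keep root's supplementary groups; worth confirming. main() starts and ends outside the patched ranges.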
diff --git a/dhcp.spec b/dhcp.spec
index deb720b..714c10f 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -19,7 +19,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.3
-Release: 1%{?dist}
+Release: 2%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -68,7 +68,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
Patch29: dhcp-4.2.2-remove-bind.patch
Patch30: dhcp-4.2.2-sharedlib.patch
Patch31: dhcp-4.2.0-PPP.patch
-Patch32: dhcp-4.2.2-paranoia-pid.patch
+Patch32: dhcp-4.2.3-paranoia.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -106,8 +106,7 @@ DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
-easier to administer a large network. The dhcp package includes the
-ISC DHCP service and relay agent.
+easier to administer a large network.
To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon. The dhcp package provides
@@ -304,9 +303,10 @@ rm bind/bind.tar.gz
# DHCPv6 over PPP support (#626514)
%patch31 -p1 -b .PPP
-# Move changing of the effective user/group ID after writing new PID file.
+# Write PID file BEFORE changing of the effective user/group ID.
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #25806])
-%patch32 -p1 -b .paranoia-pid
+# Write lease file AFTER changing of the effective user/group ID.
+%patch32 -p1 -b .paranoia
# Copy in the Fedora/RHEL dhclient script
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
@@ -438,7 +438,6 @@ EOF
# DHCPv6 Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd6.conf.sample
# see dhcpd.conf(5) man page
-# run 'service dhcpd6 start' or 'dhcpd -6 -cf /etc/dhcp/dhcpd6.conf'
#
EOF
@@ -642,6 +641,9 @@ fi
%{_initddir}/dhcrelay
%changelog
+* Wed Oct 26 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-2
+- Write lease file AFTER changing of the effective user/group ID.
+
* Thu Oct 20 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-1
- 4.2.3
@@ -657,7 +659,7 @@ fi
- Hopefully last tweak of adding of user and group (#699713)
* Fri Sep 09 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.2-7
-- Move changing of the effective user/group ID after writing new PID file.
+- Write PID file BEFORE changing of the effective user/group ID.
* Fri Sep 09 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.2-6
- PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same