[dhcp/f16] Move changing of the effective user/group ID after writing new PID file.
Jiří Popelka
jpopelka at fedoraproject.org
Thu Sep 29 12:31:10 UTC 2011
commit 2b8d321c4be9ce8106fb6a2933f1aac18729b792
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Mon Sep 12 18:30:12 2011 +0200
Move changing of the effective user/group ID after writing new PID file.
dhcp-4.2.2-options.patch | 2 +-
dhcp-4.2.2-paranoia-pid.patch | 49 +++++++++++++++++++++++++++++++++++++++++
dhcp.spec | 10 +++++++-
3 files changed, 59 insertions(+), 2 deletions(-)
---
diff --git a/dhcp-4.2.2-options.patch b/dhcp-4.2.2-options.patch
index 32e2add..054729a 100644
--- a/dhcp-4.2.2-options.patch
+++ b/dhcp-4.2.2-options.patch
@@ -138,7 +138,7 @@ diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c
+ }
+
+ if ((timeout_arg = atoi(argv[i])) <= 0) {
-+ log_error("-T timeout option must be > 0 - bad value: %s",argv[i]);
++ log_error("-timeout timeout option must be > 0 - bad value: %s",argv[i]);
+ exit(1);
+ }
+ } else if (!strcmp(argv[i], "-V")) {
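Review bot: The new message reads `-timeout timeout option must be > 0`, repeating the word; `log_error("-timeout option must be > 0 - bad value: %s", argv[i]);` says the same thing once. On the context line above it, `atoi` accepts a value with trailing characters (a constructed example: `10abc`) and its behaviour on out-of-range input is undefined, so `strtol` with an end-pointer and `ERANGE` check would make the rejection reliable. The enclosing option-parsing chain starts and ends outside the hunk.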
diff --git a/dhcp-4.2.2-paranoia-pid.patch b/dhcp-4.2.2-paranoia-pid.patch
new file mode 100644
index 0000000..c74f4e2
--- /dev/null
+++ b/dhcp-4.2.2-paranoia-pid.patch
@@ -0,0 +1,49 @@
+diff -up dhcp-4.2.2/server/dhcpd.c.paranoia-pid dhcp-4.2.2/server/dhcpd.c
+--- dhcp-4.2.2/server/dhcpd.c.paranoia-pid 2011-09-12 16:07:01.000000000 +0200
++++ dhcp-4.2.2/server/dhcpd.c 2011-09-12 16:08:55.680988466 +0200
+@@ -791,22 +791,6 @@ main(int argc, char **argv) {
+ exit (0);
+ }
+
+-#if defined (PARANOIA)
+- /* change uid to the specified one */
+-
+- if (set_gid) {
+- if (setgroups (0, (void *)0))
+- log_fatal ("setgroups: %m");
+- if (setgid (set_gid))
+- log_fatal ("setgid(%d): %m", (int) set_gid);
+- }
+-
+- if (set_uid) {
+- if (setuid (set_uid))
+- log_fatal ("setuid(%d): %m", (int) set_uid);
+- }
+-#endif /* PARANOIA */
+-
+ /*
+ * Deal with pid files. If the user told us
+ * not to write a file we don't read one either
+@@ -843,6 +827,22 @@ main(int argc, char **argv) {
+ }
+ }
+
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
+ /* If we were requested to log to stdout on the command line,
+ keep doing so; otherwise, stop. */
+ if (log_perror == -1)
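Review bot: The relocated PARANOIA block still carries only `/* change uid to the specified one */`, so nothing in the code records that the privilege drop must now follow the PID-file handling. A comment such as `/* Drop privileges only after the PID file has been written (see ISC-Bugs #25806). */` would keep a later reorder from silently undoing the change. The PID-file code, which lies outside this hunk, now runs with the starting uid/gid, so its file creation should be checked for safe handling of a pre-existing file or symlink at that path. `setgroups` is called only inside `if (set_gid)`; if `set_uid` can be non-zero while `set_gid` is zero (not determinable from here), the supplementary group list would survive the `setuid`. main() starts and ends outside the hunk.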
diff --git a/dhcp.spec b/dhcp.spec
index 9a25318..f2c86c8 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -19,7 +19,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.2
-Release: 6%{?dist}
+Release: 7%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -68,6 +68,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
Patch29: dhcp420-rh637017.patch
Patch30: dhcp420-sharedlib.patch
Patch31: dhcp-4.2.0-PPP.patch
+Patch32: dhcp-4.2.2-paranoia-pid.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -303,6 +304,10 @@ rm bind/bind.tar.gz
# DHCPv6 over PPP support (#626514)
%patch31 -p1 -b .PPP
+# Move changing of the effective user/group ID after writing new PID file.
+# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #25806])
+%patch32 -p1 -b .paranoia-pid
+
# Copy in the Fedora/RHEL dhclient script
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
%{__install} -p -m 0644 %{SOURCE5} .
@@ -628,6 +633,9 @@ fi
%{_initddir}/dhcrelay
%changelog
+* Fri Sep 09 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.2-7
+- Move changing of the effective user/group ID after writing new PID file.
+
* Fri Sep 09 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.2-6
- PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same