[dhcp] dhcpd needs to chown leases file created before de-rooting itself (#866714)
Jiří Popelka
jpopelka at fedoraproject.org
Wed Oct 17 14:41:48 UTC 2012
commit 58a3b6ca5db9af95ebfa1184fd1089da3c4a825b
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Wed Oct 17 10:45:23 2012 +0200
dhcpd needs to chown leases file created before de-rooting itself (#866714)
dhcp-4.2.3-paranoia.patch | 49 -------------
dhcp-4.2.4-paranoia.patch | 164 +++++++++++++++++++++++++++++++++++++++++++++
dhcp.spec | 12 ++-
3 files changed, 172 insertions(+), 53 deletions(-)
---
diff --git a/dhcp-4.2.4-paranoia.patch b/dhcp-4.2.4-paranoia.patch
new file mode 100644
index 0000000..513579d
--- /dev/null
+++ b/dhcp-4.2.4-paranoia.patch
@@ -0,0 +1,164 @@
+diff -up dhcp-4.2.4-P2/client/dhclient.c.paranoia dhcp-4.2.4-P2/client/dhclient.c
+--- dhcp-4.2.4-P2/client/dhclient.c.paranoia 2012-10-16 15:56:41.562001524 +0200
++++ dhcp-4.2.4-P2/client/dhclient.c 2012-10-16 15:56:42.106994294 +0200
+@@ -1696,11 +1696,6 @@ int write_host (host)
+ return 0;
+ }
+
+-void db_startup (testp)
+- int testp;
+-{
+-}
+-
+ void bootp (packet)
+ struct packet *packet;
+ {
+diff -up dhcp-4.2.4-P2/includes/dhcpd.h.paranoia dhcp-4.2.4-P2/includes/dhcpd.h
+--- dhcp-4.2.4-P2/includes/dhcpd.h.paranoia 2012-10-16 15:56:41.784998564 +0200
++++ dhcp-4.2.4-P2/includes/dhcpd.h 2012-10-16 15:56:42.108994268 +0200
+@@ -2793,7 +2793,11 @@ void commit_leases_timeout (void *);
+ void commit_leases_readerdry(void *);
+ int commit_leases (void);
+ int commit_leases_timed (void);
++#if defined (PARANOIA)
++void db_startup (int, uid_t, gid_t);
++#else
+ void db_startup (int);
++#endif /* PARANOIA */
+ int new_lease_file (void);
+ int group_writer (struct group_object *);
+ int write_ia(const struct ia_xx *);
+diff -up dhcp-4.2.4-P2/server/confpars.c.paranoia dhcp-4.2.4-P2/server/confpars.c
+--- dhcp-4.2.4-P2/server/confpars.c.paranoia 2012-10-16 15:56:39.052034671 +0200
++++ dhcp-4.2.4-P2/server/confpars.c 2012-10-16 15:56:42.109994255 +0200
+@@ -224,7 +224,11 @@ void trace_conf_input (trace_type_t *tty
+ }
+
+ if (!leaseconf_initialized && ttype == trace_readleases_type) {
++#if defined (PARANOIA)
++ db_startup (0, 0, 0);
++#else
+ db_startup (0);
++#endif /* PARANOIA */
+ leaseconf_initialized = 1;
+ postdb_startup ();
+ }
+diff -up dhcp-4.2.4-P2/server/db.c.paranoia dhcp-4.2.4-P2/server/db.c
+--- dhcp-4.2.4-P2/server/db.c.paranoia 2012-10-16 15:56:39.062034541 +0200
++++ dhcp-4.2.4-P2/server/db.c 2012-10-16 15:56:42.110994242 +0200
+@@ -47,6 +47,10 @@ static int counting = 0;
+ static int count = 0;
+ TIME write_time;
+ int lease_file_is_corrupt = 0;
++#if defined (PARANOIA)
++uid_t global_set_uid = 0;
++gid_t global_set_gid = 0;
++#endif /* PARANOIA */
+
+ /* Write a single binding scope value in parsable format.
+ */
+@@ -1027,8 +1031,11 @@ int commit_leases_timed()
+ return (1);
+ }
+
+-void db_startup (testp)
+- int testp;
++#if defined (PARANOIA)
++void db_startup (int testp, uid_t set_uid, gid_t set_gid)
++#else
++void db_startup (int testp)
++#endif /* PARANOIA */
+ {
+ isc_result_t status;
+
+@@ -1047,6 +1054,11 @@ void db_startup (testp)
+ }
+ #endif
+
++#if defined (PARANOIA)
++ global_set_uid = set_uid;
++ global_set_gid = set_gid;
++#endif /* PARANOIA */
++
+ #if defined (TRACING)
+ /* If we're playing back, there is no lease file, so we can't
+ append it, so we create one immediately (maybe this isn't
+@@ -1109,6 +1121,17 @@ int new_lease_file ()
+ log_error ("Can't create new lease file: %m");
+ return 0;
+ }
++
++#if defined (PARANOIA)
++ if (global_set_uid && !geteuid() &&
++ global_set_gid && !getegid())
++ if (fchown(db_fd, global_set_uid, global_set_gid)) {
++ log_fatal ("Can't chown new lease file: %m");
++ close(db_fd);
++ goto fdfail;
++ }
++#endif /* PARANOIA */
++
+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
+ log_error("Can't fdopen new lease file: %m");
+ close(db_fd);
+diff -up dhcp-4.2.4-P2/server/dhcpd.c.paranoia dhcp-4.2.4-P2/server/dhcpd.c
+--- dhcp-4.2.4-P2/server/dhcpd.c.paranoia 2012-10-16 15:56:39.180032998 +0200
++++ dhcp-4.2.4-P2/server/dhcpd.c 2012-10-16 16:01:52.822804493 +0200
+@@ -700,7 +700,11 @@ main(int argc, char **argv) {
+ group_write_hook = group_writer;
+
+ /* Start up the database... */
++#if defined (PARANOIA)
++ db_startup (lftest, set_uid, set_gid);
++#else
+ db_startup (lftest);
++#endif /* PARANOIA */
+
+ if (lftest)
+ exit (0);
+@@ -771,22 +775,6 @@ main(int argc, char **argv) {
+ exit (0);
+ }
+
+-#if defined (PARANOIA)
+- /* change uid to the specified one */
+-
+- if (set_gid) {
+- if (setgroups (0, (void *)0))
+- log_fatal ("setgroups: %m");
+- if (setgid (set_gid))
+- log_fatal ("setgid(%d): %m", (int) set_gid);
+- }
+-
+- if (set_uid) {
+- if (setuid (set_uid))
+- log_fatal ("setuid(%d): %m", (int) set_uid);
+- }
+-#endif /* PARANOIA */
+-
+ /*
+ * Deal with pid files. If the user told us
+ * not to write a file we don't read one either
+@@ -823,6 +811,22 @@ main(int argc, char **argv) {
+ }
+ }
+
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
+ /* If we were requested to log to stdout on the command line,
+ keep doing so; otherwise, stop. */
+ if (log_perror == -1)
diff --git a/dhcp.spec b/dhcp.spec
index e520462..a196008 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -18,7 +18,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.4
-Release: 18.%{patchver}%{?dist}
+Release: 19.%{patchver}%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -63,7 +63,7 @@ Patch28: dhcp-4.2.2-remove-bind.patch
Patch29: dhcp-4.2.4-P1-remove-dst.patch
Patch30: dhcp-4.2.2-sharedlib.patch
Patch31: dhcp-4.2.4-PPP.patch
-Patch32: dhcp-4.2.3-paranoia.patch
+Patch32: dhcp-4.2.4-paranoia.patch
Patch33: dhcp-4.2.4-lpf-ib.patch
Patch34: dhcp-4.2.4-improved-xid.patch
Patch35: dhcp-4.2.2-gpxe-cid.patch
@@ -276,8 +276,9 @@ rm -rf includes/isc-dhcp
# DHCPv6 over PPP support (#626514)
%patch31 -p1 -b .PPP
-# Write PID file BEFORE changing of the effective user/group ID.
-# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #25806])
+# dhcpd: BEFORE changing of the effective user/group ID:
+# - write PID file (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #25806])
+# - chown leases file (#866714)
%patch32 -p1 -b .paranoia
# IPoIB support (#660681)
@@ -557,6 +558,9 @@ fi
%changelog
+* Wed Oct 17 2012 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.4-19.P2
+- dhcpd needs to chown leases file created before de-rooting itself (#866714)
+
* Thu Oct 11 2012 Adam Tkac <atkac redhat com> - 12:4.2.4-18.P2
- rebuild against new bind-libs-lite
More information about the scm-commits
mailing list