this patch adds a 'droppriv' FLAVOR to net/isc-dhcp using the 'isc dhcpd 3.0 
paranoia patch' [1]

can it be included into the port?

I've been using this patch for a very long time now both with openbsd and linux 
without any problems whatsoever.
it is also used by default in gentoo's portage to patch dhcp.

[1] http://www.episec.com/people/edelkind/patches/

cheers,
peter
--- isc-dhcp.orig/Makefile      Thu Aug 18 13:39:35 2005
+++ isc-dhcp/Makefile   Mon Oct  3 18:04:22 2005
@@ -33,13 +33,23 @@ NO_REGRESS=         Yes
 MULTI_PACKAGES=                -omapi -client
 SUBPACKAGE?=
 
+FLAVORS=       droppriv
+FLAVOR?=
+
 CONFIGURE_STYLE=       simple
 
 EXAMPLEDIR=            share/examples/isc-dhcp
 
+PATCH_LIST=            patch-Makefile_conf
+
 post-extract:
        @sed s,y0y0y0,${PREFIX}, < ${FILESDIR}/site.conf > ${WRKSRC}/site.conf
 
+.if ${FLAVOR:L:Mdroppriv}
+PATCH_LIST+=   patch-paranoia patch-paranoia_perms
+do-configure:
+       cd ${WRKSRC} && ./configure --copts "${CONFIGURE_ARGS} -DPARANOIA 
-DEARLY_CHROOT ${CFLAGS}"
+.endif
 
 post-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/${EXAMPLEDIR}
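Review bot: The droppriv flavor hard-codes `-DEARLY_CHROOT` in `do-configure`, but the paranoia patch's own notes describe that define as the option for systems where /dev/log is a character device, and say it moves the chroot() call ahead of reading the configuration file. With it set, dhcpd.conf and the lease file are presumably resolved inside <chroot_dir>, and syslog output after the chroot depends on a log endpoint existing there; nothing in the port creates or documents that layout. Either drop `-DEARLY_CHROOT` from the `--copts` string or add a comment and an install message that state the required chroot contents. The flavor also only compiles the options in: nothing visible here makes dhcpd start with `-user`, `-group` or `-chroot`, so a droppriv package still runs as root unless the administrator passes them.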
paranoia (non-root/chroot) patch for ISC dhcp 3.0
file to patch: dhcp-3.0/server/dhcpd.c

update from paranoia patch for ISC dhcp 2.0

Adds 3 options:

        -user <user>
        -group <group>
        -chroot <chroot_dir>

Notes:
        -DPARANOIA must be passed as an argument to the --copts option
        of configure.  Otherwise, the paranoia code will not be compiled
        in.  Example:  ./configure --copts -DPARANOIA

        The chroot() call has been delayed in order to allow /dev/log to
        be reopened after the configuration file has been read.  This is
        beneficial for systems on which /dev/log is a unix domain socket.
        The main side effect is that dhcpd.conf should be placed in /etc,
        instead of <chroot_dir>/etc.

        If dhcpd is to be run on a sysV-style architecture (or, more
        generally, if /dev/log is a character device), one may opt to
        create the <chroot_dir>/dev/log character device and add
        -DEARLY_CHROOT to the --copts option of configure (in addition to
        -DPARANOIA).  This will perform the chroot() call at the earliest
        convenience (before reading the configuration file).

        If the -user option is used, the lease and pid file directories
        should be writable to the server process after it drops
        privileges.


ari edelkind (12/10/2001)
last modified 12/10/2001


--- server/dhcpd.c      Thu Jun 21 22:12:58 2001
+++ server/dhcpd.c      Wed Oct 17 08:23:00 2001
@@ -56,6 +56,16 @@
 #include "version.h"
 #include <omapip/omapip_p.h>
 
+#if defined (PARANOIA)
+#  include <sys/types.h>
+#  include <unistd.h>
+#  include <pwd.h>
+/* get around the ISC declaration of group */
+#  define group real_group 
+#    include <grp.h>
+#  undef group
+#endif /* PARANOIA */
+
 static void usage PROTO ((void));
 
 TIME cur_time;
@@ -204,6 +214,22 @@
        omapi_object_dereference (&listener, MDL);
 }
 
+#if defined (PARANOIA)
+/* to be used in one of two possible scenarios */
+static void setup_chroot (char *chroot_dir) {
+       if (geteuid())
+               log_fatal ("you must be root to use chroot");
+
+       if (chroot(chroot_dir)) {
+               log_fatal ("chroot(\"%s\"): %m", chroot_dir);
+       }
+       if (chdir ("/")) {
+               /* probably permission denied */
+               log_fatal ("chdir(\"/\"): %m");
+       }
+}
+#endif /* PARANOIA */
+
 int main (argc, argv, envp)
        int argc;
        char **argv, **envp;
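Review bot: `setup_chroot` is reachable with `-chroot` alone, and nothing in the patch requires that `-user` accompanies it, so the daemon can end up as uid 0 inside the chroot, which is not a confinement boundary for a root process. The check belongs in main once the options are parsed, for example `if (set_chroot && !set_user) log_fatal ("-chroot requires -user");`, or at least a `log_error` warning if existing setups must keep working. The comment `/* to be used in one of two possible scenarios */` should also name the two call sites: before the configuration is read when EARLY_CHROOT is defined, otherwise after `postconf_initialization`. main's body continues outside the hunk.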
@@ -236,6 +262,14 @@
        char *traceinfile = (char *)0;
        char *traceoutfile = (char *)0;
 #endif
+#if defined (PARANOIA)
+       char *set_user   = 0;
+       char *set_group  = 0;
+       char *set_chroot = 0;
+
+       uid_t set_uid = 0;
+       gid_t set_gid = 0;
+#endif /* PARANOIA */
 
        /* Make sure we have stdin, stdout and stderr. */
        status = open ("/dev/null", O_RDWR);
@@ -298,6 +332,20 @@
                        if (++i == argc)
                                usage ();
                        server = argv [i];
+#if defined (PARANOIA)
+               } else if (!strcmp (argv [i], "-user")) {
+                       if (++i == argc)
+                               usage ();
+                       set_user = argv [i];
+               } else if (!strcmp (argv [i], "-group")) {
+                       if (++i == argc)
+                               usage ();
+                       set_group = argv [i];
+               } else if (!strcmp (argv [i], "-chroot")) {
+                       if (++i == argc)
+                               usage ();
+                       set_chroot = argv [i];
+#endif /* PARANOIA */
                } else if (!strcmp (argv [i], "-cf")) {
                        if (++i == argc)
                                usage ();
@@ -397,6 +445,44 @@
                                             trace_seed_stop, MDL);
 #endif
 
+#if defined (PARANOIA)
+       /* get user and group info if those options were given */
+       if (set_user) {
+               struct passwd *tmp_pwd;
+
+               if (geteuid())
+                       log_fatal ("you must be root to set user");
+
+               if (!(tmp_pwd = getpwnam(set_user)))
+                       log_fatal ("no such user: %s", set_user);
+
+               set_uid = tmp_pwd->pw_uid;
+
+               /* use the user's group as the default gid */
+               if (!set_group)
+                       set_gid = tmp_pwd->pw_gid;
+       }
+
+       if (set_group) {
+/* get around the ISC declaration of group */
+#define group real_group
+               struct group *tmp_grp;
+
+               if (geteuid())
+                       log_fatal ("you must be root to set group");
+
+               if (!(tmp_grp = getgrnam(set_group)))
+                       log_fatal ("no such group: %s", set_group);
+
+               set_gid = tmp_grp->gr_gid;
+#undef group
+       }
+
+#  if defined (EARLY_CHROOT)
+       if (set_chroot) setup_chroot (set_chroot);
+#  endif /* EARLY_CHROOT */
+#endif /* PARANOIA */
+
        /* Default to the DHCP/BOOTP port. */
        if (!local_port)
        {
@@ -500,6 +586,10 @@
 
        postconf_initialization (quiet);
 
+#if defined (PARANOIA) && !defined (EARLY_CHROOT)
+       if (set_chroot) setup_chroot (set_chroot);
+#endif /* PARANOIA && !EARLY_CHROOT */
+
         /* test option should cause an early exit */
        if (cftest && !lftest) 
                exit(0);
@@ -543,6 +633,22 @@
                        exit (0);
        }
 
+#if defined (PARANOIA)
+       /* change uid to the specified one */
+
+       if (set_gid) {
+               if (setgroups (0, (void *)0))
+                       log_fatal ("setgroups: %m");
+               if (setgid (set_gid))
+                       log_fatal ("setgid(%d): %m", (int) set_gid);
+       }       
+
+       if (set_uid) {
+               if (setuid (set_uid))
+                       log_fatal ("setuid(%d): %m", (int) set_uid);
+       }
+#endif /* PARANOIA */
+
        /* Read previous pid file. */
        if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
                status = read (i, pbuf, (sizeof pbuf) - 1);
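Review bot: The privilege drop is keyed on the numeric ids, `if (set_gid)` and `if (set_uid)`, so a `-user` or `-group` that resolves to id 0 is silently ignored. When `-user` names an account whose primary gid is 0, the `setgroups (0, (void *)0)` call is also skipped and the supplementary groups of the starting process survive the `setuid`. Test the option pointers instead: `if (set_user || set_group) {` around the setgroups/setgid pair and `if (set_user) {` around the setuid call. It would also help to reject a resolved uid of 0 in the `getpwnam` hunk, so that `-user root` fails loudly instead of leaving the daemon privileged. main's body continues outside the hunk.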
@@ -888,6 +994,10 @@
 
        log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",
                   "\n             [-cf config-file] [-lf lease-file]",
+#if defined (PARANOIA)
+                  /* meld into the following string */
+                  "\n             [-user user] [-group group] [-chroot dir]"
+#endif /* PARANOIA */
 #if defined (TRACING)
                   "\n             [-tf trace-output-file]",
                   "\n             [-play trace-input-file]",
--- server/dhcpd.c      2003-11-05 14:08:09.000000000 -0800
+++ server/dhcpd.c      2003-11-05 14:15:32.000000000 -0800
@@ -602,6 +602,12 @@
        if (lftest)
                exit (0);
 
+#if defined (PARANOIA)
+       /* Set proper permissions... */
+       if (lchown (path_dhcpd_db, set_uid, set_gid))
+               log_fatal ("lchown(%s, %d, %d): %m", path_dhcpd_db, (int) 
set_uid, (int) set_gid);
+#endif /* PARANOIA */
+
        /* Discover all the network interfaces and initialize them. */
        discover_interfaces (DISCOVER_SERVER);
 
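Review bot: The `lchown` on `path_dhcpd_db` runs whenever PARANOIA is compiled in, even when neither `-user` nor `-group` was given. In that case `set_uid` and `set_gid` still hold their initial 0 from the declarations in the earlier patch, so every start re-owns the lease file to 0:0, and any failure of the call is fatal. Wrap it in `if (set_user || set_group) {` so a server started without the new options behaves as it did before the patch. The enclosing function starts and ends outside the hunk, so confirm that this point is still ahead of the setgid/setuid calls in the file the second patch applies to.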
