could users of the isc dhcp please test this patch.
thanks,
jakob
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/isc-dhcp/Makefile,v
retrieving revision 1.11
diff -u -u -r1.11 Makefile
--- Makefile 16 Aug 2005 18:28:55 -0000 1.11
+++ Makefile 23 Mar 2006 15:27:55 -0000
@@ -6,6 +6,7 @@
VERSION= 3.0.3
DISTNAME= isc-dhcp-${VERSION}
+PKGNAME= isc-dhcp-${VERSION}p0
CATEGORIES= net
DISTFILES= dhcp-${VERSION}.tar.gz
@@ -37,9 +38,12 @@
EXAMPLEDIR= share/examples/isc-dhcp
+do-configure:
+ cd ${WRKSRC} && ./configure \
+ --copts "${CONFIGURE_ARGS} -DPARANOIA -DEARLY_CHROOT ${CFLAGS}"
+
post-extract:
@sed s,y0y0y0,${PREFIX}, < ${FILESDIR}/site.conf > ${WRKSRC}/site.conf
-
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/${EXAMPLEDIR}
Index: patches/patch-paranoia
===================================================================
RCS file: patches/patch-paranoia
diff -N patches/patch-paranoia
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-paranoia 23 Mar 2006 15:27:55 -0000
@@ -0,0 +1,168 @@
+--- server/dhcpd.c Thu Jun 21 22:12:58 2001
++++ server/dhcpd.c Wed Oct 17 08:23:00 2001
+@@ -56,6 +56,16 @@
+ #include "version.h"
+ #include <omapip/omapip_p.h>
+
++#if defined (PARANOIA)
++# include <sys/types.h>
++# include <unistd.h>
++# include <pwd.h>
++/* get around the ISC declaration of group */
++# define group real_group
++# include <grp.h>
++# undef group
++#endif /* PARANOIA */
++
+ static void usage PROTO ((void));
+
+ TIME cur_time;
+@@ -204,6 +214,22 @@
+ omapi_object_dereference (&listener, MDL);
+ }
+
++#if defined (PARANOIA)
++/* to be used in one of two possible scenarios */
++static void setup_chroot (char *chroot_dir) {
++ if (geteuid())
++ log_fatal ("you must be root to use chroot");
++
++ if (chroot(chroot_dir)) {
++ log_fatal ("chroot(\"%s\"): %m", chroot_dir);
++ }
++ if (chdir ("/")) {
++ /* probably permission denied */
++ log_fatal ("chdir(\"/\"): %m");
++ }
++}
++#endif /* PARANOIA */
++
+ int main (argc, argv, envp)
+ int argc;
+ char **argv, **envp;
+@@ -236,6 +262,14 @@
+ char *traceinfile = (char *)0;
+ char *traceoutfile = (char *)0;
+ #endif
++#if defined (PARANOIA)
++ char *set_user = 0;
++ char *set_group = 0;
++ char *set_chroot = 0;
++
++ uid_t set_uid = 0;
++ gid_t set_gid = 0;
++#endif /* PARANOIA */
+
+ /* Make sure we have stdin, stdout and stderr. */
+ status = open ("/dev/null", O_RDWR);
+@@ -298,6 +332,20 @@
+ if (++i == argc)
+ usage ();
+ server = argv [i];
++#if defined (PARANOIA)
++ } else if (!strcmp (argv [i], "-user")) {
++ if (++i == argc)
++ usage ();
++ set_user = argv [i];
++ } else if (!strcmp (argv [i], "-group")) {
++ if (++i == argc)
++ usage ();
++ set_group = argv [i];
++ } else if (!strcmp (argv [i], "-chroot")) {
++ if (++i == argc)
++ usage ();
++ set_chroot = argv [i];
++#endif /* PARANOIA */
+ } else if (!strcmp (argv [i], "-cf")) {
+ if (++i == argc)
+ usage ();
+@@ -397,6 +445,44 @@
+ trace_seed_stop, MDL);
+ #endif
+
++#if defined (PARANOIA)
++ /* get user and group info if those options were given */
++ if (set_user) {
++ struct passwd *tmp_pwd;
++
++ if (geteuid())
++ log_fatal ("you must be root to set user");
++
++ if (!(tmp_pwd = getpwnam(set_user)))
++ log_fatal ("no such user: %s", set_user);
++
++ set_uid = tmp_pwd->pw_uid;
++
++ /* use the user's group as the default gid */
++ if (!set_group)
++ set_gid = tmp_pwd->pw_gid;
++ }
++
++ if (set_group) {
++/* get around the ISC declaration of group */
++#define group real_group
++ struct group *tmp_grp;
++
++ if (geteuid())
++ log_fatal ("you must be root to set group");
++
++ if (!(tmp_grp = getgrnam(set_group)))
++ log_fatal ("no such group: %s", set_group);
++
++ set_gid = tmp_grp->gr_gid;
++#undef group
++ }
++
++# if defined (EARLY_CHROOT)
++ if (set_chroot) setup_chroot (set_chroot);
++# endif /* EARLY_CHROOT */
++#endif /* PARANOIA */
++
+ /* Default to the DHCP/BOOTP port. */
+ if (!local_port)
+ {
+@@ -500,6 +586,10 @@
+
+ postconf_initialization (quiet);
+
++#if defined (PARANOIA) && !defined (EARLY_CHROOT)
++ if (set_chroot) setup_chroot (set_chroot);
++#endif /* PARANOIA && !EARLY_CHROOT */
++
+ /* test option should cause an early exit */
+ if (cftest && !lftest)
+ exit(0);
+@@ -543,6 +633,22 @@
+ exit (0);
+ }
+
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
+ /* Read previous pid file. */
+ if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
+ status = read (i, pbuf, (sizeof pbuf) - 1);
+@@ -888,6 +994,10 @@
+
+ log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",
+ "\n [-cf config-file] [-lf lease-file]",
++#if defined (PARANOIA)
++ /* meld into the following string */
++ "\n [-user user] [-group group] [-chroot dir]"
++#endif /* PARANOIA */
+ #if defined (TRACING)
+ "\n [-tf trace-output-file]",
+ "\n [-play trace-input-file]",
Index: patches/patch-paranoia_perms
===================================================================
RCS file: patches/patch-paranoia_perms
diff -N patches/patch-paranoia_perms
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-paranoia_perms 23 Mar 2006 15:27:55 -0000
@@ -0,0 +1,15 @@
+--- server/dhcpd.c 2003-11-05 14:08:09.000000000 -0800
++++ server/dhcpd.c 2003-11-05 14:15:32.000000000 -0800
+@@ -602,6 +602,12 @@
+ if (lftest)
+ exit (0);
+
++#if defined (PARANOIA)
++ /* Set proper permissions... */
++ if (lchown (path_dhcpd_db, set_uid, set_gid))
++ log_fatal ("lchown(%s, %d, %d): %m", path_dhcpd_db, (int)
set_uid, (int) set_gid);
++#endif /* PARANOIA */
++
+ /* Discover all the network interfaces and initialize them. */
+ discover_interfaces (DISCOVER_SERVER);
+
