d059c507b7
and enabled Restart=on-abort (fate#315133).
- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the
complete list of changes -- digest of fixes not in dhcp-4.2.5:
- Tidy up receive packet processing.
Thanks to Brad Plank of GTA for reporting the issue and
suggesting a possible patch. [ISC-Bugs #34447]
- Fix the socket handling for DHCPv6 clients to allow multiple
instances of a client on a single machine to work properly.
Previously only one client would receive the packets.
Thanks to Jiri Popelka at Red Hat for the bug report and a
potential patch. [ISC-Bugs #34784]
- Added support for gentle shutdown after signal is received.
[ISC-Bugs #32692] [ISC-Bugs 34945]
- Enhance the DHCPv6 server logging to include the addresses
that are assigned to the clients. This can be enabled by
defining LOG_V6_ADDRESSES in site.h. [ISC-Bugs #26377]
- Fix an operation in the DDNS code to be a bitwise instead
of logical or. [ISC-Bugs #35138]
- Merged patches for dhcp-4.2.6 version to apply without fuzzy,
prepended patch number prefixes to match spec file patch nr,
added patch markup tags / bug numbers to the spec file.
- Applied contrib-lease-path pach to contrib.tar.gz
[- contrib-lease-path.diff]
- Changed to require automake and use its config.sub and guess
files instead of maintaining a patch.
[- config-guess-sub-update.patch]
- Enabled to log DHCPv6 addresses assigned by server to clients
[+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch]
- Cleaned up documentation, rpmlint adjustments.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=121
76 lines
2.2 KiB
Diff
76 lines
2.2 KiB
Diff
From 1561b8cb9bacabc5e6064b84ba7a187bfb97d0ad Mon Sep 17 00:00:00 2001
|
|
From: Marius Tomaschewski <mt@suse.de>
|
|
Date: Thu, 18 Aug 2011 09:53:00 +0200
|
|
Subject: [PATCH] dhcp-4.1.1-paranoia
|
|
|
|
---
|
|
server/dhcpd.c | 24 ++++++++++++++++++++----
|
|
1 file changed, 20 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/server/dhcpd.c b/server/dhcpd.c
|
|
index 7dc7dd2..b4c1bef 100644
|
|
--- a/server/dhcpd.c
|
|
+++ b/server/dhcpd.c
|
|
@@ -207,7 +207,11 @@ static void omapi_listener_start (void *foo)
|
|
#if defined (PARANOIA)
|
|
/* to be used in one of two possible scenarios */
|
|
static void setup_chroot (char *chroot_dir) {
|
|
- if (geteuid())
|
|
+ /*
|
|
+ ** getuid() instead of geteuid(), see
|
|
+ ** comment by thomas@suse.de bellow
|
|
+ */
|
|
+ if (getuid())
|
|
log_fatal ("you must be root to use chroot");
|
|
|
|
if (chroot(chroot_dir)) {
|
|
@@ -413,7 +417,7 @@ main(int argc, char **argv) {
|
|
log_fatal ("Insufficient memory to %s %s: %s",
|
|
"record interface", argv [i],
|
|
isc_result_totext (result));
|
|
- strcpy (tmp -> name, argv [i]);
|
|
+ strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1);
|
|
if (interfaces) {
|
|
interface_reference (&tmp -> next,
|
|
interfaces, MDL);
|
|
@@ -499,7 +503,15 @@ main(int argc, char **argv) {
|
|
if (set_user) {
|
|
struct passwd *tmp_pwd;
|
|
|
|
- if (geteuid())
|
|
+ /*
|
|
+ ** I query for the real UID and not for the effective UID
|
|
+ ** just to force the user to run this server as root and
|
|
+ ** not setting it suid. It should be a paranoia patch and
|
|
+ ** not a teletubbie patch. *eg*
|
|
+ ** Note: That the user is still able to set it suid! *zitter*
|
|
+ ** thomas@suse.de
|
|
+ */
|
|
+ if (getuid())
|
|
log_fatal ("you must be root to set user");
|
|
|
|
if (!(tmp_pwd = getpwnam(set_user)))
|
|
@@ -517,7 +529,10 @@ main(int argc, char **argv) {
|
|
#define group real_group
|
|
struct group *tmp_grp;
|
|
|
|
- if (geteuid())
|
|
+ /*
|
|
+ ** getuid() instead of geteuid(), see above
|
|
+ */
|
|
+ if (getuid())
|
|
log_fatal ("you must be root to set group");
|
|
|
|
if (!(tmp_grp = getgrnam(set_group)))
|
|
@@ -771,6 +786,7 @@ main(int argc, char **argv) {
|
|
/* change uid to the specified one */
|
|
|
|
if (set_gid) {
|
|
+ /* setgroups is done, OK */
|
|
if (setgroups (0, (void *)0))
|
|
log_fatal ("setgroups: %m");
|
|
if (setgid (set_gid))
|
|
--
|
|
1.8.4
|
|
|