dhcp/dhcp-4.1.1-paranoia.diff

diff --git a/server/dhcpd.c b/server/dhcpd.c
index f0cacb6..6e30d33 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -210,7 +210,11 @@ static void omapi_listener_start (void *foo)
 #if defined (PARANOIA)
 /* to be used in one of two possible scenarios */
 static void setup_chroot (char *chroot_dir) {
-  if (geteuid())
+  /*
+  ** getuid() instead of geteuid(), see
+  ** comment by thomas@suse.de bellow
+  */
+  if (getuid())
     log_fatal ("you must be root to use chroot");
 
   if (chroot(chroot_dir)) {
@@ -402,7 +406,7 @@ main(int argc, char **argv) {
 				log_fatal ("Insufficient memory to %s %s: %s",
 					   "record interface", argv [i],
 					   isc_result_totext (result));
-			strcpy (tmp -> name, argv [i]);
+			strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1);
 			if (interfaces) {
 				interface_reference (&tmp -> next,
 						     interfaces, MDL);
@@ -487,7 +491,15 @@ main(int argc, char **argv) {
 	if (set_user) {
 		struct passwd *tmp_pwd;
 
-		if (geteuid())
+		/*
+		** I query for the real UID and not for the effective UID
+		** just to force the user to run this server as root and
+		** not setting it suid. It should be a paranoia patch and
+		** not a teletubbie patch. *eg*
+		** Note: That the user is still able to set it suid! *zitter*
+		** thomas@suse.de
+		*/
+		if (getuid())
 			log_fatal ("you must be root to set user");
 
 		if (!(tmp_pwd = getpwnam(set_user)))
@@ -505,7 +517,10 @@ main(int argc, char **argv) {
 #define group real_group
 		struct group *tmp_grp;
 
-		if (geteuid())
+		/*
+		** getuid() instead of geteuid(), see above
+		*/
+		if (getuid())
 			log_fatal ("you must be root to set group");
 
 		if (!(tmp_grp = getgrnam(set_group)))
@@ -751,6 +766,7 @@ main(int argc, char **argv) {
 	/* change uid to the specified one */
 
 	if (set_gid) {
+		/* setgroups is done, OK */
 		if (setgroups (0, (void *)0))
 			log_fatal ("setgroups: %m");
 		if (setgid (set_gid))