diff --git a/server/dhcpd.c b/server/dhcpd.c index f0cacb6..6e30d33 100644 --- a/server/dhcpd.c +++ b/server/dhcpd.c @@ -210,7 +210,11 @@ static void omapi_listener_start (void *foo) #if defined (PARANOIA) /* to be used in one of two possible scenarios */ static void setup_chroot (char *chroot_dir) { - if (geteuid()) + /* + ** getuid() instead of geteuid(), see + ** comment by thomas@suse.de bellow + */ + if (getuid()) log_fatal ("you must be root to use chroot"); if (chroot(chroot_dir)) { @@ -402,7 +406,7 @@ main(int argc, char **argv) { log_fatal ("Insufficient memory to %s %s: %s", "record interface", argv [i], isc_result_totext (result)); - strcpy (tmp -> name, argv [i]); + strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1); if (interfaces) { interface_reference (&tmp -> next, interfaces, MDL); @@ -487,7 +491,15 @@ main(int argc, char **argv) { if (set_user) { struct passwd *tmp_pwd; - if (geteuid()) + /* + ** I query for the real UID and not for the effective UID + ** just to force the user to run this server as root and + ** not setting it suid. It should be a paranoia patch and + ** not a teletubbie patch. *eg* + ** Note: That the user is still able to set it suid! *zitter* + ** thomas@suse.de + */ + if (getuid()) log_fatal ("you must be root to set user"); if (!(tmp_pwd = getpwnam(set_user))) @@ -505,7 +517,10 @@ main(int argc, char **argv) { #define group real_group struct group *tmp_grp; - if (geteuid()) + /* + ** getuid() instead of geteuid(), see above + */ + if (getuid()) log_fatal ("you must be root to set group"); if (!(tmp_grp = getgrnam(set_group))) @@ -751,6 +766,7 @@ main(int argc, char **argv) { /* change uid to the specified one */ if (set_gid) { + /* setgroups is done, OK */ if (setgroups (0, (void *)0)) log_fatal ("setgroups: %m"); if (setgid (set_gid))