Marius Tomaschewski
b6b28d718d
release, providing DHCPv6 client/server/relay implementation. The programs act in DHCPv6 mode, when the -6 start option is set. We install separate init scripts with a 6 at the end to handle them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is also a link to the binaries with a 6 at the end, e.g. dhclient6, making it visible, that the installed version supports DHCPv6. - Moved additional documentation to a separate dhcp-doc package. - Changed to provide config files and scripts as source files instead of patches to the ISC scripts. - Adopted spec file and config/scripts, merged in all patches. - Implemented RFC 3442 classless static routes support in the dhclient-script (bnc#555870). OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=15
64 lines
1.9 KiB
Diff
64 lines
1.9 KiB
Diff
diff --git a/server/dhcpd.c b/server/dhcpd.c
|
|
index f0cacb6..6e30d33 100644
|
|
--- a/server/dhcpd.c
|
|
+++ b/server/dhcpd.c
|
|
@@ -210,7 +210,11 @@ static void omapi_listener_start (void *foo)
|
|
#if defined (PARANOIA)
|
|
/* to be used in one of two possible scenarios */
|
|
static void setup_chroot (char *chroot_dir) {
|
|
- if (geteuid())
|
|
+ /*
|
|
+ ** getuid() instead of geteuid(), see
|
|
+ ** comment by thomas@suse.de bellow
|
|
+ */
|
|
+ if (getuid())
|
|
log_fatal ("you must be root to use chroot");
|
|
|
|
if (chroot(chroot_dir)) {
|
|
@@ -402,7 +406,7 @@ main(int argc, char **argv) {
|
|
log_fatal ("Insufficient memory to %s %s: %s",
|
|
"record interface", argv [i],
|
|
isc_result_totext (result));
|
|
- strcpy (tmp -> name, argv [i]);
|
|
+ strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1);
|
|
if (interfaces) {
|
|
interface_reference (&tmp -> next,
|
|
interfaces, MDL);
|
|
@@ -487,7 +491,15 @@ main(int argc, char **argv) {
|
|
if (set_user) {
|
|
struct passwd *tmp_pwd;
|
|
|
|
- if (geteuid())
|
|
+ /*
|
|
+ ** I query for the real UID and not for the effective UID
|
|
+ ** just to force the user to run this server as root and
|
|
+ ** not setting it suid. It should be a paranoia patch and
|
|
+ ** not a teletubbie patch. *eg*
|
|
+ ** Note: That the user is still able to set it suid! *zitter*
|
|
+ ** thomas@suse.de
|
|
+ */
|
|
+ if (getuid())
|
|
log_fatal ("you must be root to set user");
|
|
|
|
if (!(tmp_pwd = getpwnam(set_user)))
|
|
@@ -505,7 +517,10 @@ main(int argc, char **argv) {
|
|
#define group real_group
|
|
struct group *tmp_grp;
|
|
|
|
- if (geteuid())
|
|
+ /*
|
|
+ ** getuid() instead of geteuid(), see above
|
|
+ */
|
|
+ if (getuid())
|
|
log_fatal ("you must be root to set group");
|
|
|
|
if (!(tmp_grp = getgrnam(set_group)))
|
|
@@ -751,6 +766,7 @@ main(int argc, char **argv) {
|
|
/* change uid to the specified one */
|
|
|
|
if (set_gid) {
|
|
+ /* setgroups is done, OK */
|
|
if (setgroups (0, (void *)0))
|
|
log_fatal ("setgroups: %m");
|
|
if (setgid (set_gid))
|