dhcp/dhcp-3.0b2pl18.paranoia.dif

--- server/dhcpd.c
+++ server/dhcpd.c	Sun Mar 18 03:58:15 2001
@@ -56,6 +56,15 @@
 #include "version.h"
 #include <omapip/omapip_p.h>
 
+#ifdef PARANOIA
+#	include <errno.h>
+#	include <pwd.h>
+/* get around the ISC's declaration of group */
+#define group  real_group
+#	include <grp.h>
+#undef group
+#endif
+
 static void usage PROTO ((void));
 
 TIME cur_time;
@@ -214,6 +223,15 @@
 	char *traceinfile = (char *)0;
 	char *traceoutfile = (char *)0;
 #endif
+#ifdef PARANOIA
+	char *set_user   = NULL;
+	char *set_group  = NULL;
+	char *set_chroot = NULL;
+
+	uid_t set_uid = 0;
+	gid_t set_gid = 0;
+#endif
+
 
 	/* Set up the client classification system. */
 	classification_setup ();
@@ -262,6 +280,20 @@
 			daemon = 0;
 #endif
 			log_perror = -1;
+#ifdef PARANOIA
+		} else if (!strcmp (argv [i], "-user")) {
+			if (++i == argc)
+				usage ();
+			set_user = argv [i];
+		} else if (!strcmp (argv [i], "-group")) {
+			if (++i == argc)
+				usage ();
+			set_group = argv [i];
+		} else if (!strcmp (argv [i], "-chroot")) {
+			if (++i == argc)
+				usage ();
+			set_chroot = argv [i];
+#endif
 		} else if (!strcmp (argv [i], "-s")) {
 			if (++i == argc)
 				usage ();
@@ -323,7 +355,7 @@
 				log_fatal ("Insufficient memory to %s %s: %s",
 					   "record interface", argv [i],
 					   isc_result_totext (result));
-			strcpy (tmp -> name, argv [i]);
+			strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1);
 			if (interfaces) {
 				interface_reference (&tmp -> next,
 						     interfaces, MDL);
@@ -384,6 +416,66 @@
 		}
 	}
   
+#ifdef PARANOIA
+	/* get user and group info if those options were given */
+	if (set_user) {
+		struct passwd *tmp_pwd;
+
+		/*
+		** I query for the real UID and not for the effective UID
+		** just to force the user to run this server as root and
+		** not setting it suid. It should be a paranoia patch and
+		** not a teletubbie patch. *eg*
+		** Note: That the user is still able to set it suid! *zitter*
+		** thomas@suse.de
+		*/
+		if (getuid())
+			error ("you must be root to set user");
+
+		if (!(tmp_pwd = getpwnam(set_user)))
+			error ("no such user: %s", set_user);
+
+		set_uid = tmp_pwd->pw_uid;
+
+		/* use the user's group as the default gid */
+		if (!set_group)
+			set_gid = tmp_pwd->pw_gid;
+		
+	}
+
+	if (set_group) {
+/* get around the ISC's declaration of group */
+#define group real_group
+		struct group *tmp_grp;
+
+		/*
+		** getuid() instead of geteuid(), see above
+		*/
+		if (getuid())
+			error ("you must be root to set group");
+
+		if (!(tmp_grp = getgrnam(set_group)))
+			error ("no such group: %s", set_group);
+
+		set_gid = tmp_grp->gr_gid;
+#undef group
+	}
+
+	if (set_chroot) {
+		if (getuid()) /* see above */
+			error ("you must be root to use chroot");
+
+		if (chroot(set_chroot) != 0) {
+			error ("chroot(\"%s\"): %s", set_chroot,
+					strerror(errno));
+		}
+		if (chdir ("/") != 0) {
+			/* probably permission denied */
+			error ("chdir(\"/\"): %s", strerror(errno));
+		}
+	}
+#endif /* PARANOIA */
+
 	remote_port = htons (ntohs (local_port) + 1);
 
 	if (server) {
@@ -587,6 +679,27 @@
 	dump_rc_history ();
 #endif
 
+#ifdef PARANOIA
+	/* change uid to the specified one */
+
+	/*
+	** common failure: forget to drop supplementary GID'S ;->
+	** thomas@suse.de
+	*/
+	
+	if (set_gid) {
+	  if(setgroups(0, NULL) < 0)
+	    error("couldn't drop supplementary groups!");
+		if (setgid (set_gid) != 0)
+			error ("couldn't set gid to %d", set_gid);
+	}	
+
+	if (set_uid) {
+		if (setuid (set_uid) != 0)
+			error ("couldn't set uid to %d", set_uid);
+	}
+#endif
+
 	/* Receive packets and dispatch them... */
 	dispatch ();
 
@@ -851,6 +964,10 @@
 
 	log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",
 		   "\n             [-cf config-file] [-lf lease-file]",
+#ifdef PARANOIA
+		   "\n             [-user <user>] [-group <group>]",
+		   "\n             [-chroot <dir>]",
+#endif
 #if defined (TRACING)
 		   "\n		   [-tf trace-output-file]",
 		   "\n		   [-play trace-input-file]",