author | 2004-04-15 23:20:42 +0000 | |
---|---|---|
committer | 2004-04-15 23:20:42 +0000 | |
commit | 8d5b94c2b93357ffdae5646643d7c9a512611a24 (patch) | |
tree | 130336095507d518ce9a4d6c1a25979314322b08 | |
parent | do not close and re-open the leases file all the time, instead open it once (diff) | |
chroot and drop privileges after startup
-rw-r--r-- | usr.sbin/dhcpd/dhcpd.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/usr.sbin/dhcpd/dhcpd.c b/usr.sbin/dhcpd/dhcpd.c
index 5a0b3bf4a0a..bab0e1251c9 100644
--- a/usr.sbin/dhcpd/dhcpd.c
+++ b/usr.sbin/dhcpd/dhcpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhcpd.c,v 1.10 2004/04/15 08:34:20 jmc Exp $ */
+/* $OpenBSD: dhcpd.c,v 1.11 2004/04/15 23:20:42 henning Exp $ */
 /*
 * Copyright (c) 2004 Henning Brauer <henning@cvs.openbsd.org>
@@ -40,6 +40,7 @@
 */
 #include "dhcpd.h"
+#include "pwd.h"
 void usage(void);
@@ -63,6 +64,7 @@ main(int argc, char *argv[])
 int ch, status;
 int cftest = 0, quiet = 0, daemonize = 1;
 struct servent *ent;
+ struct passwd *pw;
 extern char *__progname;
 /* Initially, log errors to stderr as well as to syslogd. */
@@ -146,10 +148,23 @@ main(int argc, char *argv[])
 discover_interfaces(DISCOVER_SERVER);
 icmp_startup(1, lease_pinged);
+ if ((pw = getpwnam("_dhcp")) == NULL)
+ error("%m");
+
 log_perror = 0;
 if (daemonize)
 daemon(0, 0);
+ if (chroot(_PATH_VAREMPTY) == -1)
+ error("chroot %s: %m", _PATH_VAREMPTY);
+ if (chdir("/") == -1)
+ error("chdir(\"/\"): %m");
+ if (setgroups(1, &pw->pw_gid) ||
+ setegid(pw->pw_gid) || setgid(pw->pw_gid) ||
+ seteuid(pw->pw_uid) || setuid(pw->pw_uid))
+ error("can't drop privileges: %m");
+ endpwent();
+
 bootp_packet_handler = do_packet;
 dispatch(); |
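Review bot: The added `#include "pwd.h"` in the second hunk uses the quoted form for a system header, which makes the preprocessor look in the source directory before the system include path. Writing it as `#include <pwd.h>` rules out a local file of the same name shadowing the system header. The hunk does not show whether the declarations for `chroot()`, `setgroups()` and `_PATH_VAREMPTY` arrive through dhcpd.h, so that is worth confirming.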
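Review bot: The `error("%m")` call after a failed `getpwnam("_dhcp")` in the last hunk prints whatever errno happens to hold, and getpwnam() is not required to set errno when the account simply does not exist, so the operator can see an unrelated or empty message. Name the account instead, for example `error("user \"_dhcp\" not found");`. The drop sequence itself is ordered correctly (chroot, chdir, supplementary groups, gid, then uid). Where the platform provides them, `setresgid()` and `setresuid()` set the real, effective and saved ids in one call and are easier to audit than the paired sete*/set* calls. The return value of `daemon(0, 0)` in the unchanged context is still ignored, and main()'s body starts and ends outside this hunk.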