ports/76811: [patch] Updates for net/isc-dhcp3-server running chrooted on 4.x
Rob
listone at deathbeforedecaf.net
Sat Jan 29 11:30:17 UTC 2005
>Number: 76811
>Category: ports
>Synopsis: [patch] Updates for net/isc-dhcp3-server running chrooted on 4.x
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 29 11:30:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Rob <listone at deathbeforedecaf.net>
>Release: FreeBSD 4.10-RELEASE i386
>Organization:
>Environment:
System: FreeBSD gir.0x7e.net 4.10-RELEASE FreeBSD 4.10-RELEASE #0: Mon Jan 3
03:40:44 CST 2005 rob at goo.0x7e.net:/tmp/GIR i386
Package: isc-dhcp3-server-3.0.1.r14_6
>Description:
The following comments apply to version 1.11 of
/usr/local/etc/rc.d/isc-dhcpd.sh:
1. On 4.x, isc-dhcpd.sh always emits the warning
WARNING: dhcpd_devfs_enable disabled -- not available
even with dhcpd_devfs_enable=NO. Harmless, but annoying.
2. On 4.x with dhcpd_chroot_enable=YES, the entire /dev directory is copied to
${dhcpd_rootdir}/dev, including mem and kmem. This could be considered a
security risk.
3. With dhcpd_chroot_enable=YES, DNS lookups fail because the hosts and
resolv.conf files are absent from ${dhcpd_rootdir}/etc. This causes DHCP
requests to time out if hostnames are used in dhcpd.conf(5).
Also, log timestamps are incorrect due to the absence of
${dhcpd_rootdir}/etc/localtime.
>How-To-Repeat:
Build and install net/isc-dhcp3-server with the default configuration.
>Fix:
The 3 separate patches below are meant to clarify which lines belong to which
change; however, I have only tested the combined patch:
http://deathbeforedecaf.net/misc/patches/patch-isc-dhcpd.sh (83 lines)
Please use this version for any testing.
1. Only check for mount_devfs(8) if dhcpd_devfs_enable=YES:
--- isc-dhcpd.sh.orig Mon Dec 27 16:10:47 2004
+++ isc-dhcpd.sh Sat Jan 29 19:07:11 2005
@@ -343,7 +343,8 @@
err 1 "dhcpd_rootdir must be set" \
"if dhcpd_chroot_enable is enabled"
fi
- if ! ( type mount_devfs ) > /dev/null 2>&1; then
+ if checkyesno dhcpd_devfs_enable &&
+ ! ( type mount_devfs ) > /dev/null 2>&1; then
warn "dhcpd_devfs_enable disabled" \
"-- not available"
dhcpd_devfs_enable=NO
2. Use 'MAKEDEV jail' to create devices for the chroot environment:
--- isc-dhcpd.sh.orig Mon Dec 27 16:10:47 2004
+++ isc-dhcpd.sh Sat Jan 29 19:08:26 2005
@@ -30,6 +30,7 @@
dhcpd_chroot_enable=${dhcpd_chroot_enable:-"NO"} # runs chrooted?
dhcpd_devfs_enable=${dhcpd_devfs_enable:-"YES"} # devfs if available?
+dhcpd_makedev_enable=${dhcpd_makedev_enable:-"YES"} # use /dev/MAKEDEV?
dhcpd_rootdir=${dhcpd_rootdir:-/var/db/${name}} # directory to run in
# untested
@@ -441,11 +442,18 @@
setup_chroot ()
{
+ local _mdev
+
+ _mdev=MAKEDEV
+
if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then
safe_mkdir ${_dhcpd_rootdir} ${_dhcpd_devdir}/_ ${_dhcpd_confdir}
# XXX /_ hack! so, .../dev is root owned.
if checkyesno dhcpd_devfs_enable; then
safe_mount ${_dhcpd_devdir}
+ elif checkyesno dhcpd_makedev_enable; then
+ safe_copy ${dhcpd_devdir}/$_mdev ${_dhcpd_devdir}/$_mdev
+ safe_run 0 sh -c "cd ${_dhcpd_devdir} && ./$_mdev jail bpf4"
else
safe_copy ${dhcpd_devdir} ${_dhcpd_devdir}
fi
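Review bot: The new `elif checkyesno dhcpd_makedev_enable` branch copies MAKEDEV into the chroot and then executes that copy through `safe_run 0 sh -c ...`, while the submitter's own BUGS note says the copy ends up owned by the dhcpd user. If the `0` is the uid to run as (safe_run is defined outside this hunk, so this is inferred), root is executing a script that the unprivileged daemon account can modify. The copy should be made root-owned and non-writable before it is run, and removed once the nodes exist, e.g. `safe_run 0 sh -c "cd ${_dhcpd_devdir} && ./$_mdev jail bpf4 && rm -f ./$_mdev"`. `${_dhcpd_devdir}` is also expanded unquoted inside the `sh -c` string, so a rootdir containing whitespace or shell metacharacters would change the command that runs. setup_chroot continues past the end of this hunk.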
BUGS: ${dhcpd_rootdir}/dev/MAKEDEV ends up owned by the dhcpd user -
potential root exploit!
3. Copy files from /etc to ${dhcpd_rootdir}/etc as needed:
--- isc-dhcpd.sh.orig Mon Dec 27 16:10:47 2004
+++ isc-dhcpd.sh Sat Jan 29 19:16:33 2005
@@ -384,6 +384,7 @@
dhcpd_rootdir=
elif checkyesno paranoia && checkyesno dhcpd_chroot_enable; then
dhcpd_devdir=${__dhcpd_devdir}
+ dhcpd_etcdir=${__dhcpd_etcdir}
fi
}
@@ -403,6 +404,7 @@
{
_dhcpd_rootdir=${dhcpd_rootdir}
_dhcpd_devdir=${dhcpd_rootdir}${dhcpd_devdir}
+ _dhcpd_etcdir=${dhcpd_rootdir}${dhcpd_etcdir}
_dhcpd_confdir=${dhcpd_rootdir}${dhcpd_confdir}
_dhcpd_piddir=${dhcpd_rootdir}${dhcpd_piddir}
_dhcpd_leasesdir=${dhcpd_rootdir}${dhcpd_leasesdir}
@@ -441,15 +443,24 @@
setup_chroot ()
{
+ local _hosts _ltime _rconf
+
+ _hosts=hosts
+ _ltime=localtime
+ _rconf=resolv.conf
+
if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then
- safe_mkdir ${_dhcpd_rootdir} ${_dhcpd_devdir}/_ ${_dhcpd_confdir}
- # XXX /_ hack! so, .../dev is root owned.
+ safe_mkdir ${_dhcpd_rootdir} ${_dhcpd_devdir}/_ ${_dhcpd_etcdir}/_ ${_dhcpd_confdir}
+ # XXX /_ hack! so, .../dev, .../etc is root owned.
if checkyesno dhcpd_devfs_enable; then
safe_mount ${_dhcpd_devdir}
else
safe_copy ${dhcpd_devdir} ${_dhcpd_devdir}
fi
safe_copy ${dhcpd_conffile} ${_dhcpd_conffile}
+ safe_copy ${dhcpd_etcdir}/$_hosts ${_dhcpd_etcdir}/$_hosts
+ safe_copy ${dhcpd_etcdir}/$_ltime ${_dhcpd_etcdir}/$_ltime
+ safe_copy ${dhcpd_etcdir}/$_rconf ${_dhcpd_etcdir}/$_rconf
fi
}
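Review bot: The three added `safe_copy` calls assume that hosts, localtime and resolv.conf all exist under `${dhcpd_etcdir}`, but a host may have no /etc/localtime or /etc/resolv.conf. safe_copy is defined outside this hunk, so it cannot be seen here whether a missing source aborts startup or only warns. A guarded loop makes the intent explicit and replaces the three single-use locals with one `_f`: `for _f in hosts localtime resolv.conf; do` / `[ -f ${dhcpd_etcdir}/$_f ] && safe_copy ${dhcpd_etcdir}/$_f ${_dhcpd_etcdir}/$_f` / `done`. As the BUGS note after this patch says, the copies end up owned by the dhcpd user, so a compromised daemon could rewrite the resolver configuration it uses inside the chroot; they should be root-owned and read-only to dhcpd.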
@@ -650,6 +661,7 @@
__dhcpd_uninstall="NO" # internal use only
__dhcpd_devdir=/dev # devices directory
+__dhcpd_etcdir=/etc # config directory
__dhcpd_piddir=/var/run # pid file directory
__dhcpd_leasesdir=/var/db # leases file directory
#__dhcpd_rootdir=/var/db/${name} # root directory
BUGS: ${dhcpd_rootdir}/etc/* end up owned by the dhcpd user - same problem.
These patches are in http://deathbeforedecaf.net/misc/patches/ - please remember
that only http://deathbeforedecaf.net/misc/patches/patch-isc-dhcpd.sh has been
tested.
>Release-Note:
>Audit-Trail:
>Unformatted: