[Bug 727837] Re: dhcp3-server fails to drop privileges properly
Stéphane Graber
stgraber at stgraber.org
Tue Jun 26 19:19:00 UTC 2012
** No longer affects: dhcp3 (Ubuntu Dapper)
** No longer affects: dhcp3 (Ubuntu Natty)
** No longer affects: dhcp3 (Ubuntu Karmic)
** No longer affects: isc-dhcp (Ubuntu Maverick)
** No longer affects: isc-dhcp (Ubuntu Lucid)
** No longer affects: isc-dhcp (Ubuntu Karmic)
** No longer affects: dhcp3 (Ubuntu Maverick)
** No longer affects: isc-dhcp (Ubuntu Dapper)
** No longer affects: isc-dhcp (Ubuntu Hardy)
** Also affects: dhcp3 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: isc-dhcp (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: dhcp3 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: isc-dhcp (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: dhcp3 (Ubuntu Quantal)
Importance: Undecided
Status: Confirmed
** Also affects: isc-dhcp (Ubuntu Quantal)
Importance: Undecided
Status: Confirmed
** No longer affects: dhcp3 (Ubuntu Quantal)
** No longer affects: dhcp3 (Ubuntu Precise)
** No longer affects: dhcp3 (Ubuntu Oneiric)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/727837
Title:
dhcp3-server fails to drop privileges properly
Status in “dhcp3” package in Ubuntu:
Confirmed
Status in “isc-dhcp” package in Ubuntu:
Confirmed
Status in “dhcp3” source package in Lucid:
Confirmed
Status in “isc-dhcp” source package in Natty:
Confirmed
Status in “isc-dhcp” source package in Oneiric:
New
Status in “isc-dhcp” source package in Precise:
New
Status in “isc-dhcp” source package in Quantal:
Confirmed
Status in “dhcp3” source package in Hardy:
Confirmed
Bug description:
Binary package hint: dhcp3-server
In debian/patches/droppriv.dpatch there is some privilege dropping
code in function drop_privileges(). This fails to drop privileges of
root-group and does not initialize the groups properly.
One can test this by adding:
    on commit {
        execute("/usr/local/bin/dhcp_group_test");
    }
to /etc/dhcp3/dhcpd.conf, and then write
/usr/local/bin/dhcp_group_test to log the output of "id" to some file.
(You may wish to turn apparmor off for this test, but it can be done
with it as well). The output should read:
    uid=112(dhcpd) gid=120(dhcpd) groups=0(root)
This means that dhcp will retain the root-group privileges and is
missing other groups that a user may have possibly defined for it.
The fix would be to use either initgroups() or setgroups() function
properly in drop_privileges(). Doing this should also fix this bug:
https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/341817
This is:
Description: Ubuntu 10.04.1 LTS
Release: 10.04
dhcp3-server:
Installed: 3.1.3-2ubuntu3
Candidate: 3.1.3-2ubuntu3
Version table:
*** 3.1.3-2ubuntu3 0
500 http://mirror.opinsys.fi/ubuntu/ lucid/main Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions
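Added example, not part of the original report and not the code in debian/patches/droppriv.dpatch: a sketch of the drop order the report asks for (supplementary groups via initgroups(), then gid, then uid), plus a check for a leftover group such as the groups=0(root) shown above. The function bodies and the name first_unexpected_group are hypothetical, and the sample gids are constructed from the id output in the report.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return the first supplementary gid that is neither the primary gid nor in
 * allowed[], or (gid_t)-1 if the list is clean. Needs no privileges. */
gid_t first_unexpected_group(gid_t primary, const gid_t *allowed, int n_allowed,
                             const gid_t *groups, int n_groups)
{
    for (int i = 0; i < n_groups; i++) {
        int ok = (groups[i] == primary);
        for (int j = 0; j < n_allowed && !ok; j++)
            ok = (groups[i] == allowed[j]);
        if (!ok)
            return groups[i];
    }
    return (gid_t)-1;
}

/* Drop from root to `user`. Order matters: once setuid() has succeeded the
 * process may no longer change its groups. Callers must exit on -1. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || initgroups(user, pw->pw_gid) != 0)
        return -1;                      /* initgroups replaces root's list */
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
        getgid() != pw->pw_gid || getegid() != pw->pw_gid)
        return -1;
    if (setuid(0) == 0 || setgid(0) == 0)   /* regaining root must fail */
        return -1;
    return 0;
}

int main(void)
{
    gid_t leaked[] = { 0 };   /* constructed: gid=120, groups=0(root) */
    printf("unexpected supplementary gid: %ld\n",
           (long)first_unexpected_group(120, NULL, 0, leaked, 1));
    return 0;
}
```

After a real drop, the groups array passed to first_unexpected_group() would come from getgroups().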