
package/dhcp: add security options to DHCP server

I was trying to make the ISC dhcp daemon more secure by using the
-user and -group option to let dhcp server run as non-root user.
Unfortunately these options are not available when building ISC dhcp
server with buildroot.
The reason is that the configure script must be called with the
option --enable-paranoia to activate these options, but this option
is not set in the dhcp.mk file.

To be backward compatible I added a new option to the dhcp's Config.in
file to enable this feature when desired and parse this option in
dhcp.mk.

Signed-off-by: Andreas Ehmanns <universeiii@gmx.de>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Andreas Ehmanns 3 years ago
parent
commit
40f7adae3c
2 changed files with 12 additions and 0 deletions
  1. 8 0
      package/dhcp/Config.in
  2. 4 0
      package/dhcp/dhcp.mk

+ 8 - 0
package/dhcp/Config.in

@@ -25,6 +25,14 @@ config BR2_PACKAGE_DHCP_SERVER_DELAYED_ACK
 	help
 	  Enable delayed ACK feature in the ISC DHCP server.
 
+config BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA
+	bool "Enable paranoia options"
+	depends on BR2_PACKAGE_DHCP_SERVER
+	help
+	  Add option --enable-paranoia to configure script. This
+	  activates additional server options (-user, -group and
+	  -chroot) to make dhcp server more secure.
+
 config BR2_PACKAGE_DHCP_RELAY
 	bool "dhcp relay"
 	help
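Review bot: The help text for BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA reads as if selecting the option hardens the server, but by its own wording it only makes `-user`, `-group` and `-chroot` available. dhcpd still runs with whatever privileges it is started with unless the command line that launches it passes those options. I would append a sentence to the help such as `Note: this only builds the options in; they must be passed on the dhcpd command line (e.g. from the init script) to take effect.` Nothing in this commit changes how the server is started, so enabling the symbol alone presumably changes no runtime behaviour.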

+ 4 - 0
package/dhcp/dhcp.mk

@@ -78,6 +78,10 @@ ifeq ($(BR2_PACKAGE_DHCP_SERVER_DELAYED_ACK),y)
 DHCP_CONF_OPTS += --enable-delayed-ack
 endif
 
+ifeq ($(BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA),y)
+DHCP_CONF_OPTS += --enable-paranoia
+endif
+
 define DHCP_INSTALL_LIBS
 	$(MAKE) -C $(@D)/bind install-bind DESTDIR=$(TARGET_DIR)
 	$(MAKE) -C $(@D)/common install-exec DESTDIR=$(TARGET_DIR)
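Review bot: The new `ifeq ($(BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA),y)` block only adds the configure switch. Nothing visible in this hunk provides the unprivileged account that `-user`/`-group` would name, or makes the lease files writable by it. If dhcp.mk does not already declare one outside this hunk, consider a `DHCP_USERS` entry (Buildroot's per-package users table) guarded by the same symbol. At minimum, a comment above the block would help, e.g. `# Only compiles in -user/-group/-chroot; the account and lease-file ownership must be provided by the rootfs.`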