From 40f7adae3c036072a05c8d69f7116af1057da301 Mon Sep 17 00:00:00 2001 From: Andreas Ehmanns Date: Thu, 28 Apr 2022 09:46:41 +0200 Subject: [PATCH] package/dhcp: add security options to DHCP server I was trying to make the ISC dhcp daemon more secure by using the -user and -group option to let dhcp server run as non-root user. Unfortunately these options are not available when building ISC dhcp server with buildroot. The reason is, that the configure script must be called with the option --enable-paranoia to activate these options. But this option is not set in the dhcp.mk file. To be backward compatible I added a new option to the dhcp's Config.in file to enable this feature when desired and parse this option in dhcp.mk. Signed-off-by: Andreas Ehmanns [yann.morin.1998@free.fr: fix check-package] Signed-off-by: Yann E. MORIN
---
 package/dhcp/Config.in | 8 ++++++++
 package/dhcp/dhcp.mk | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/package/dhcp/Config.in b/package/dhcp/Config.in
index e0706efafb..adc19dec07 100644
--- a/package/dhcp/Config.in
+++ b/package/dhcp/Config.in
@@ -25,6 +25,14 @@ config BR2_PACKAGE_DHCP_SERVER_DELAYED_ACK
 help
 Enable delayed ACK feature in the ISC DHCP server.
 
+config BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA
+ bool "Enable paranoia options"
+ depends on BR2_PACKAGE_DHCP_SERVER
+ help
+ Add option --enable-paranoia to configure script. This
+ activates additional server options (-user, -group and
+ -chroot) to make dhcp server more secure.
+
 config BR2_PACKAGE_DHCP_RELAY
 bool "dhcp relay"
 help
diff --git a/package/dhcp/dhcp.mk b/package/dhcp/dhcp.mk
index f815c6c802..b73137506d 100644
--- a/package/dhcp/dhcp.mk
+++ b/package/dhcp/dhcp.mk
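Review bot: The help text of the new `BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA` entry in Config.in says the option makes the server more secure, but selecting it only compiles the `-user`, `-group` and `-chroot` options into dhcpd. Nothing drops privileges or confines the daemon until those options are actually passed at startup. I would state that in the help, e.g. `This only makes -user, -group and -chroot available; dhcpd keeps running as root unless they are passed on its command line.` Because the symbol is off by default, it would also help to say that a build without it cannot use these options at all, as the commit message explains.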
@@ -78,6 +78,10 @@ ifeq ($(BR2_PACKAGE_DHCP_SERVER_DELAYED_ACK),y)
 DHCP_CONF_OPTS += --enable-delayed-ack
 endif
 
+ifeq ($(BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA),y)
+DHCP_CONF_OPTS += --enable-paranoia
+endif
+
 define DHCP_INSTALL_LIBS
 $(MAKE) -C $(@D)/bind install-bind DESTDIR=$(TARGET_DIR)
 $(MAKE) -C $(@D)/common install-exec DESTDIR=$(TARGET_DIR)
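Review bot: The new `ifeq` block in dhcp.mk only appends `--enable-paranoia` to `DHCP_CONF_OPTS`; nothing in this patch creates an unprivileged account for dhcpd or passes `-user`/`-group`/`-chroot` when the daemon starts. An image built with the option would therefore presumably still run the server as root until the integrator changes the startup arguments. If that split is intended, a comment above the block would record it, e.g. `# Only compiles in -user/-group/-chroot; the startup script must pass them.` A follow-up could define a dedicated account through the package's `DHCP_USERS` variable (assuming none exists elsewhere in dhcp.mk, which this hunk does not show) and check that the lease file is writable by that account.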