54343e
diff -up dhcp-4.2.2b1/client/dhclient.8.capability dhcp-4.2.2b1/client/dhclient.8
54343e
--- dhcp-4.2.2b1/client/dhclient.8.capability	2011-07-01 15:09:06.603784531 +0200
54343e
+++ dhcp-4.2.2b1/client/dhclient.8	2011-07-01 15:09:06.663783913 +0200
54343e
@@ -118,6 +118,9 @@ dhclient - Dynamic Host Configuration Pr
54343e
 .B -w
54343e
 ]
54343e
 [
54343e
+.B -nc
54343e
+]
54343e
+[
54343e
 .B -B
54343e
 ]
54343e
 [
54343e
@@ -296,6 +299,32 @@ has been added or removed, so that the c
54343e
 address on that interface.
54343e
 
54343e
 .TP
54343e
+.BI \-nc
54343e
+Do not drop capabilities.
54343e
+
54343e
+Normally, if
54343e
+.B dhclient
54343e
+was compiled with libcap-ng support,
54343e
+.B dhclient
54343e
+drops most capabilities immediately upon startup.  While more secure,
54343e
+this greatly restricts the additional actions that hooks in
54343e
+.B dhclient-script (8)
54343e
+can take.  (For example, any daemons that 
54343e
+.B dhclient-script (8)
54343e
+starts or restarts will inherit the restricted capabilities as well,
54343e
+which may interfere with their correct operation.)  Thus, the
54343e
+.BI \-nc
54343e
+option can be used to prevent
54343e
+.B dhclient
54343e
+from dropping capabilities.
54343e
+
54343e
+The
54343e
+.BI \-nc
54343e
+option is ignored if
54343e
+.B dhclient
54343e
+was not compiled with libcap-ng support.
54343e
+
54343e
+.TP
54343e
 .BI \-B
54343e
 Set the BOOTP broadcast flag in request packets so servers will always
54343e
 broadcast replies.
54343e
diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.c
54343e
--- dhcp-4.2.2b1/client/dhclient.c.capability	2011-07-01 15:09:06.644784107 +0200
54343e
+++ dhcp-4.2.2b1/client/dhclient.c	2011-07-01 15:09:06.664783903 +0200
54343e
@@ -39,6 +39,10 @@
54343e
 #include <limits.h>
54343e
 #include <dns/result.h>
54343e
 
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+#include <cap-ng.h>
54343e
+#endif
54343e
+
54343e
 /*
54343e
  * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
54343e
  * that when building ISC code.
54343e
@@ -141,6 +145,9 @@ main(int argc, char **argv) {
54343e
 	int timeout_arg = 0;
54343e
 	char *arg_conf = NULL;
54343e
 	int arg_conf_len = 0;
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+	int keep_capabilities = 0;
54343e
+#endif
54343e
 
54343e
 	/* Initialize client globals. */
54343e
 	memset(&default_duid, 0, sizeof(default_duid));
54343e
@@ -410,6 +417,10 @@ main(int argc, char **argv) {
54343e
 			}
54343e
 
54343e
 			dhclient_request_options = argv[i];
54343e
+		} else if (!strcmp(argv[i], "-nc")) {
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+			keep_capabilities = 1;
54343e
+#endif
54343e
 		} else if (argv[i][0] == '-') {
54343e
 		    usage();
54343e
 		} else if (interfaces_requested < 0) {
54343e
@@ -458,6 +469,19 @@ main(int argc, char **argv) {
54343e
 		path_dhclient_script = s;
54343e
 	}
54343e
 
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+	/* Drop capabilities */
54343e
+	if (!keep_capabilities) {
54343e
+		capng_clear(CAPNG_SELECT_CAPS);
54343e
+		capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
54343e
+				CAP_DAC_OVERRIDE); // Drop this someday
54343e
+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
54343e
+				CAP_NET_ADMIN, CAP_NET_RAW,
54343e
+				CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1);
54343e
+		capng_apply(CAPNG_SELECT_CAPS);
54343e
+	}
54343e
+#endif
54343e
+
54343e
 	/* Set up the initial dhcp option universe. */
54343e
 	initialize_common_option_spaces();
54343e
 
54343e
diff -up dhcp-4.2.2b1/client/dhclient-script.8.capability dhcp-4.2.2b1/client/dhclient-script.8
54343e
--- dhcp-4.2.2b1/client/dhclient-script.8.capability	2011-07-01 15:09:06.604784521 +0200
54343e
+++ dhcp-4.2.2b1/client/dhclient-script.8	2011-07-01 15:09:06.666783883 +0200
54343e
@@ -239,6 +239,16 @@ repeatedly initialized to the values pro
54343e
 the other.   Assuming the information provided by both servers is
54343e
 valid, this shouldn't cause any real problems, but it could be
54343e
 confusing.
54343e
+.PP
54343e
+Normally, if dhclient was compiled with libcap-ng support,
54343e
+dhclient drops most capabilities immediately upon startup.
54343e
+While more secure, this greatly restricts the additional actions that
54343e
+hooks in dhclient-script can take. For example, any daemons that
54343e
+dhclient-script starts or restarts will inherit the restricted
54343e
+capabilities as well, which may interfere with their correct operation.
54343e
+Thus, the
54343e
+.BI \-nc
54343e
+option can be used to prevent dhclient from dropping capabilities.
54343e
 .SH SEE ALSO
54343e
 dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
54343e
 dhclient.leases(5).
54343e
diff -up dhcp-4.2.2b1/client/Makefile.am.capability dhcp-4.2.2b1/client/Makefile.am
54343e
--- dhcp-4.2.2b1/client/Makefile.am.capability	2011-07-01 15:09:06.526785327 +0200
54343e
+++ dhcp-4.2.2b1/client/Makefile.am	2011-07-01 15:09:06.667783873 +0200
54343e
@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c 
54343e
 		   scripts/netbsd scripts/nextstep scripts/openbsd \
54343e
 		   scripts/solaris scripts/openwrt
54343e
 dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
54343e
-		 $(BIND9_LIBDIR) -ldns-export -lisc-export
54343e
+		 $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
54343e
 man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
54343e
 EXTRA_DIST = $(man_MANS)
54343e
 
54343e
diff -up dhcp-4.2.2b1/configure.ac.capability dhcp-4.2.2b1/configure.ac
54343e
--- dhcp-4.2.2b1/configure.ac.capability	2011-07-01 15:09:06.527785317 +0200
54343e
+++ dhcp-4.2.2b1/configure.ac	2011-07-01 15:09:06.667783873 +0200
54343e
@@ -449,6 +449,41 @@ AC_TRY_LINK(
54343e
 # Look for optional headers.
54343e
 AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
54343e
 
54343e
+# look for capabilities library
54343e
+AC_ARG_WITH(libcap-ng,
54343e
+    [  --with-libcap-ng=[auto/yes/no]  Add Libcap-ng support [default=auto]],,
54343e
+    with_libcap_ng=auto)
54343e
+
54343e
+# Check for Libcap-ng API
54343e
+#
54343e
+# libcap-ng detection
54343e
+if test x$with_libcap_ng = xno ; then
54343e
+    have_libcap_ng=no;
54343e
+else
54343e
+    # Start by checking for header file
54343e
+    AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
54343e
+
54343e
+    # See if we have libcap-ng library
54343e
+    AC_CHECK_LIB(cap-ng, capng_clear,
54343e
+                 CAPNG_LDADD=-lcap-ng,)
54343e
+
54343e
+    # Check results are usable
54343e
+    if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
54343e
+       AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
54343e
+    fi
54343e
+    if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
54343e
+       AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
54343e
+    fi
54343e
+fi
54343e
+AC_SUBST(CAPNG_LDADD)
54343e
+AC_MSG_CHECKING(whether to use libcap-ng)
54343e
+if test x$CAPNG_LDADD != x ; then
54343e
+    AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
54343e
+    AC_MSG_RESULT(yes)
54343e
+else
54343e
+    AC_MSG_RESULT(no)
54343e
+fi
54343e
+
54343e
 # Solaris needs some libraries for functions
54343e
 AC_SEARCH_LIBS(socket, [socket])
54343e
 AC_SEARCH_LIBS(inet_ntoa, [nsl])
54343e
diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c
54343e
--- dhcp-4.2.2b1/relay/dhcrelay.c.capability	2011-07-01 15:09:06.626784295 +0200
54343e
+++ dhcp-4.2.2b1/relay/dhcrelay.c	2011-07-01 15:12:05.362223794 +0200
54343e
@@ -36,6 +36,11 @@
54343e
 #include <syslog.h>
54343e
 #include <sys/time.h>
54343e
 
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+#  include <cap-ng.h>
54343e
+   int keep_capabilities = 0;
54343e
+#endif
54343e
+
54343e
 TIME default_lease_time = 43200; /* 12 hours... */
54343e
 TIME max_lease_time = 86400; /* 24 hours... */
54343e
 struct tree_cache *global_options[256];
54343e
@@ -356,6 +361,10 @@ main(int argc, char **argv) {
54343e
 			sl->next = upstreams;
54343e
 			upstreams = sl;
54343e
 #endif
54343e
+		} else if (!strcmp(argv[i], "-nc")) {
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+			keep_capabilities = 1;
54343e
+#endif
54343e
 		} else if (!strcmp(argv[i], "-pf")) {
54343e
 			if (++i == argc)
54343e
 				usage();
54343e
@@ -426,6 +435,17 @@ main(int argc, char **argv) {
54343e
 #endif
54343e
 	}
54343e
 
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+	/* Drop capabilities */
54343e
+	if (!keep_capabilities) {
54343e
+		capng_clear(CAPNG_SELECT_BOTH);
54343e
+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
54343e
+				CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
54343e
+		capng_apply(CAPNG_SELECT_BOTH);
54343e
+		log_info ("Dropped all unnecessary capabilities.");
54343e
+	}
54343e
+#endif
54343e
+
54343e
 	if (!quiet) {
54343e
 		log_info("%s %s", message, PACKAGE_VERSION);
54343e
 		log_info(copyright);
54343e
@@ -573,6 +593,15 @@ main(int argc, char **argv) {
54343e
 		dhcpv6_packet_handler = do_packet6;
54343e
 #endif
54343e
 
54343e
+#ifdef HAVE_LIBCAP_NG
54343e
+	/* Drop all capabilities */
54343e
+	if (!keep_capabilities) {
54343e
+		capng_clear(CAPNG_SELECT_BOTH);
54343e
+		capng_apply(CAPNG_SELECT_BOTH);
54343e
+		log_info ("Dropped all capabilities.");
54343e
+	}
54343e
+#endif
54343e
+
54343e
 	/* Start dispatching packets and timeouts... */
54343e
 	dispatch();
54343e
 
54343e
diff -up dhcp-4.2.2b1/relay/Makefile.am.capability dhcp-4.2.2b1/relay/Makefile.am
54343e
--- dhcp-4.2.2b1/relay/Makefile.am.capability	2011-07-01 15:09:06.546785121 +0200
54343e
+++ dhcp-4.2.2b1/relay/Makefile.am	2011-07-01 15:09:06.670783841 +0200
54343e
@@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
54343e
 sbin_PROGRAMS = dhcrelay
54343e
 dhcrelay_SOURCES = dhcrelay.c
54343e
 dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
54343e
-		 $(BIND9_LIBDIR) -ldns-export -lisc-export
54343e
+		 $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
54343e
 man_MANS = dhcrelay.8
54343e
 EXTRA_DIST = $(man_MANS)
54343e