[Buildroot] Enable missing security options for ISC dhcp server

[Andreas Ehmanns]

Dear all,
I was trying to make the ISC dhcp daemon more secure by using the -user
and -group option to let dhcp server run as non-root user.
Unfortunately these options are not available when building ISC dhcp
server with buildroot.
The reason is, that the configure script must be called with the
additional option --enable-paranoia to activate these options.
But this option is not set in the dhcp.mk file.

To be backward compatible I added a new option to the dhcp's Config.in
to enable this feature when desired.

If you are interested in this feature and can create a patch and send it
this list to make the change available to all buildroot users.
Let me know what you think. Below are some details.

Regards,
Andreas

1) Add this to Config.in:
config BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA
         bool "Enable paranoia options"
         depends on BR2_PACKAGE_DHCP_SERVER
         help
           Add option --enable-paranoia to configure script. This activates
           additional server options (-user, -group and -chroot) to make
dhcp server more secure.

2) And to dhcp.mk:
ifeq ($(BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA),y)
DHCP_CONF_OPTS += --enable-paranoia
endif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20220425/7d061902/attachment.html>