Date: Tue, 15 Oct 2019 06:41:36 +0800 From: Ben Woods <woodsb02@gmail.com> To: Brooks Davis <brooks@freebsd.org>, "roy@marples.name" <roy@marples.name> Cc: Hiroki Sato <hrs@freebsd.org>, driesm.michiels@gmail.com, freebsd-net@freebsd.org Subject: Re: DHCPv6 client in base Message-ID: <CAOc73CBffOK8QgsO8OUxhz1PCVdAmR9=UdZYQaq6B-FasWLSUA@mail.gmail.com> In-Reply-To: <20191011174520.GC53377@spindle.one-eyed-alien.net> References: <001e01d50b49$176104d0$46230e70$@gmail.com> <20190516.032012.517661495892269813.hrs@allbsd.org> <CAOc73CCLPmB7m3yaDE7p4izJ8apaO5jcyRPyLkSJtopqsHxtSQ@mail.gmail.com> <CAOc73CD5dAn95mMuzxeNKoJGxdmZF-ChYFm49tLdKca00OSv8w@mail.gmail.com> <20191011174520.GC53377@spindle.one-eyed-alien.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 12 Oct 2019 at 1:45 am, Brooks Davis <brooks@freebsd.org> wrote: > DHCP is one of the most exposed attack surfaces in existence. We expect > it to take input from explicitly untrustworthy networks and perform > actions as root. It might be OK to import this as a stopgap only > supporting IPv6, but without capsicum or privilege separation (as noted > elsewhere in the thread) it seems unlikely to be a good idea enable it > by default or replace the existing IPv4 dhclient. > > -- Brooks > Hi Brooks, Thanks for the feedback. Roy Marples (the main dhcpcd) has already begun working on privilege separating dhcpcd based on your feedback. Have you or Roy got any thoughts on how the privilege separation might be structured? - main process - network listener - packer interpreter - hook runner and scripts It=E2=80=99s obviously the packet interpreter that is the risky part, but d= oes not need privileges. FreeBSD has the =E2=80=9C_dhcp=E2=80=9D user which I assume could be used f= or running these low privilege tasks? Roy is not intending to work on capsicum support in dhcpcd, but I think once the privilege separation has been done it will be easier to add that support. Regards, Ben --=20 -- From: Benjamin Woods woodsb02@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOc73CBffOK8QgsO8OUxhz1PCVdAmR9=UdZYQaq6B-FasWLSUA>