Date:      Sat, 25 May 2002 23:27:50 +0930
From:      "Rob" <rob@deathbeforedecaf.net>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   dhcpd and security
Message-ID:  <005b01c203f4$28e03100$a4b826cb@goo>

Hi,

I'm running a DHCP server on the inside interface of a gateway. Since it's
the only service there (besides SSH) I'd like to tie it down as much as
possible.

The default behaviour of the isc-dhcp-2 port is to run as root, and AFAIK
the isc-dhcp-3 port does the same thing. In this case, I'd like some advice
on my options:

* ari edelkind wrote a dhcp-2.0+paranoia.patch which added chroot() and
setuid()/gid() to dhcpd v2 - unfortunately
http://users.phri.nyu.edu/~edelkind/custom/public/patches/dhcp-2.0+paranoia.patch
and
http://www.episec.com/people/edelkind/patches/dhcp/dhcp-2.0+paranoia.patch
are now dead links. Does anyone have a copy of this patch?

* Kurt Seifried wrote an article on DHCP security issues - alas
http://securityportal.com/closet/closet20001129.html
is also a dead link. Has anyone seen a mirror of this article?

* ISC-DHCP v3 has lots of new features, but still seems to be missing the
option to run as non-root. Since I don't need stuff like Dynamic DNS, is
there any reason not to stay with version 2?

Thanks muchly,
Rob.

--
Trust the Computer. The Computer is your friend.
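
The chroot() plus setuid()/setgid() hardening the message asks about is a common daemon pattern. The following is an added example, not part of the original message and not the paranoia patch or ISC code; the function name, return codes, jail path and numeric ids are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_EBADARG = -1, DROP_EJAIL = -2, DROP_EIDS = -3, DROP_ENOTDROPPED = -4 };

/*
 * Call after the privileged setup (e.g. binding UDP port 67) is done.
 * jail, uid and gid are supplied by the caller; all names here are
 * hypothetical and not taken from dhcpd or the paranoia patch.
 */
int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    /* Fail closed on arguments that would leave the daemon privileged. */
    if (jail == NULL || jail[0] != '/' || uid == 0 || gid == 0)
        return DROP_EBADARG;

    /* chroot() needs root, so it comes first; chdir("/") afterwards so the
     * working directory cannot point outside the new root. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return DROP_EJAIL;

    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is dropped the process can no longer change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_EIDS;

    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() != uid || getgid() != gid)
        return DROP_ENOTDROPPED;
    return DROP_OK;
}

int main(void)
{
    /* Constructed values: an empty jail directory and an unprivileged id. */
    int rc = drop_privileges("/var/empty", 65534, 65534);
    if (rc != DROP_OK) {
        fprintf(stderr, "refusing to run: privilege drop failed (%d)\n", rc);
        return EXIT_FAILURE;
    }
    /* ... serve requests here with no root privileges ... */
    return EXIT_SUCCESS;
}
```

A real DHCP daemon would also need its lease file and any log socket reachable inside the jail before the chroot() call.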

