Date:      Sat, 12 Oct 2019 10:32:54 +0100
From:      Roy Marples <roy@marples.name>
To:        Hiroki Sato <hrs@allbsd.org>
Cc:        woodsb02@gmail.com, hrs@freebsd.org, freebsd-net@freebsd.org, driesm.michiels@gmail.com
Subject:   Re: DHCPv6 client in base
Message-ID:  <e8ca890f-7f13-920c-b8fc-0491d38e360e@marples.name>
In-Reply-To: <20191012.110455.1650077722278454495.hrs@allbsd.org>
References:  <CAOc73CCLPmB7m3yaDE7p4izJ8apaO5jcyRPyLkSJtopqsHxtSQ@mail.gmail.com> <20191012.044034.19725945241254130.hrs@allbsd.org> <b5e0e1e1-d29c-3e47-5579-353c9d873924@marples.name> <20191012.110455.1650077722278454495.hrs@allbsd.org>

On 12/10/2019 03:04, Hiroki Sato wrote:
>   I emphasize again here that people who want to use dhcpcd are still
>   able to install net/dhcpcd and override a combination of utilities
>   such as rtsold.  Ditto for ISC's IPv6-capable dhclient.  My opinion
>   about the import is that if we adopt dhcpcd in the base system, we
>   should replace all of the current dhclient for IPv4 and rtsold
>   together.  Of course we should consider it will need Capsicum or
>   privsep for sandboxing and involve a bigger impact for IPv4 users at
>   least.

I agree with what you say entirely - and I would imagine similar work 
would be needed for any DHCP6 client. I have no idea how privsep or 
Capsicum should work under dhcpcd (I have zero knowledge in these areas) 
and would welcome any discussion to move this forwards.

For privsep, would it be enough to open ports, drop privs, read the 
message, validate the message and then send it to the root process? Or 
is there something more expected?

Roy
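
The flow asked about above (open ports, drop privileges, read, validate, hand to the root process), as an added example that is not part of the original message and is not dhcpcd code. Function names, the socketpair channel, uid/gid 65534 and the sample packets are assumptions made for illustration; the accepted message types and option layout follow RFC 8415. A daemon would also open its UDP port 546 socket as root before the fork.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Constructed samples: a REPLY with one 2-byte option, and an overlong copy. */
static const uint8_t good[] = {7, 0xaa, 0xbb, 0xcc, 0, 1, 0, 2, 0xde, 0xad};
static const uint8_t bad[]  = {7, 0xaa, 0xbb, 0xcc, 0, 1, 0, 9, 0xde, 0xad};

/* Layout: type(1) xid(3), then options of code(2) len(2) value(len).
 * A client only accepts ADVERTISE(2), REPLY(7) and RECONFIGURE(10). */
int dhcp6_validate(const uint8_t *p, size_t len) {
    if (len < 4 || (p[0] != 2 && p[0] != 7 && p[0] != 10)) return 0;
    for (size_t off = 4; off < len;) {
        if (len - off < 4) return 0;            /* truncated option header */
        size_t olen = ((size_t)p[off + 2] << 8) | p[off + 3];
        if (olen > len - off - 4) return 0;     /* value overruns the packet */
        off += 4 + olen;
    }
    return 1;
}

/* Unprivileged side: only validated messages cross to the root process. */
int worker_forward(int to_root, const uint8_t *p, size_t len) {
    return dhcp6_validate(p, len) && send(to_root, p, len, 0) == (ssize_t)len;
}

/* Assumed uid/gid 65534; a daemon would use its own user and setgroups(). */
static int drop_privs(void) {
    return geteuid() != 0 || (setgid(65534) == 0 && setuid(65534) == 0);
}

int main(void) {
    int sv[2];
    pid_t pid;
    uint8_t out[1500];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) == -1 || (pid = fork()) == -1)
        return 1;
    if (pid == 0) {               /* worker: drop root before touching input */
        close(sv[0]);
        if (!drop_privs()) _exit(2);
        worker_forward(sv[1], bad, sizeof bad);   /* rejected, never sent */
        _exit(worker_forward(sv[1], good, sizeof good) ? 0 : 1);
    }
    close(sv[1]);
    waitpid(pid, NULL, 0);
    printf("root got %zd bytes\n", recv(sv[0], out, sizeof out, MSG_DONTWAIT));
    return 0;
}
```

The root side should still treat what arrives on the channel as untrusted and check it again before acting on it, since the worker is the process exposed to the network.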


