Gentoo Archives: gentoo-security

From: 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>
To: gentoo-security@l.g.o
Cc: "gentoo-hardened@l.g.o" <gentoo-hardened@l.g.o>
Subject: Re: [gentoo-security] Re: [gentoo-hardened] Securing dhcpcd (client)
Date: Mon, 09 Oct 2006 19:57:34
Message-Id: op.tg56ozwqyguj3e@you.and.your.horse
In Reply to: Re: [gentoo-security] Re: [gentoo-hardened] Securing dhcpcd (client) by "Brian G. Peterson"
On Mon, 09 Oct 2006 15:06:15 -0400, Brian G. Peterson  
<brian@×××××××××.com> wrote:

> On Monday 09 October 2006 13:37, 7v5w7go9ub0o wrote:
>> Given my lack of expertise, I'll work on a patch later, and in the
>> short term I'll automate the momentary use of the dhcpcd client in a
>> hardened jail to negotiate a connection; then record that information;
>> then terminate dhcpcd; then use the recorded info and ifconfig or
>> iproute2 to create a direct connection. A script or little C program.
>
> Why not just use one of the other clients?
>
> pump drops privs
>
> udhcp drops privs
>
> it looks like dhclient can be configured to drop privs
>
> Why go through the trouble to use dhcpcd?
>
> Regards,
>
> - Brian
>

Thanks for the follow up.

I was following this page:
<http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?style=printable&part=4&chap=3#doc_chap3>
which describes pump as "No longer maintained upstream, unreliable, especially over modems, cannot get NIS servers from DHCP", describes udhcp as "Unproven - no distro uses it by default, cannot define a timeout beyond 3 seconds", describes dhclient as "Configuration is overly complex, software is quite bloated .........", and (IIUC) recommends dhcpcd ("the longtime Gentoo default") over the other alternatives.

Perhaps this handbook is out of date (unfortunately, the individual Gentoo handbook pages have no dates)?

Would certainly appreciate a contemporary recommendation. :-)

(I'll be googling about looking for info on these other clients)

Thanks!

--
gentoo-security@g.o mailing list