Gentoo Archives: gentoo-security

From: 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>
To: gentoo-security@l.g.o
Cc: gentoo-hardened@l.g.o
Subject: [gentoo-security] Securing dhcpcd (client)
Date: Sun, 08 Oct 2006 21:34:36
Message-Id: 5efabb80610081426teecccb9qf8890ef3a722bf36@mail.gmail.com
It is my understanding that dhcpcd client requires root or a
privileged user. Am presently running dhcpcd in a chroot jail (ssp and
grsecurity-hardened kernel) as user root (ugh). (This is a laptop used
at hotspots, so I think I need to use dhcp).

Other distributions distribute dhcpcd with a "paranoia" patch incorporated

<http://www.episec.com/people/edelkind/patches/dhcp/dhcp-2.0+paranoia.patch>

which allows the dropping of privilege and changing of user/group after startup.

Questions:

1 Does Gentoo have an "official" way to apply this patch.

2 Presuming that it doesn't, I guess that I'll ebuild unpack: patch
the source manually; ebuild merge !?

3. Are there other ways to deal with this potential vulnerability
(privileged process listening on an open port (68) )?  (e.g. using
selfdhcp and effecting a manual connection?)

TIA, newbie
-- 
gentoo-security@g.o mailing list

Replies

Subject Author
[gentoo-security] Re: [gentoo-hardened] Securing dhcpcd (client) Miguel Figueiredo Mascarenhas Sousa Filipe <miguel.filipe@×××××.com>
[gentoo-security] Re: [gentoo-hardened] Securing dhcpcd (client) Miguel Figueiredo Mascarenhas Sousa Filipe <miguel.filipe@×××××.com>
Re: [gentoo-security] Securing dhcpcd (client) "Brian G. Peterson" <brian@×××××××××.com>