Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: 7v5w7go9ub0o <7v5w7go9ub0o@...>
Subject: Re: Re: [gentoo-hardened] Securing dhcpcd (client)
Date: Mon, 09 Oct 2006 15:49:37 -0400
On Mon, 09 Oct 2006 15:06:15 -0400, Brian G. Peterson  
<brian@...> wrote:

> On Monday 09 October 2006 13:37, 7v5w7go9ub0o wrote:
>> Given my lack of expertise, I'll work on a patch later, and in the
>> short   term I'll automate the momentary use of the dhcpcd client in a
>> hardened jail to negotiate a connection; then record that information;
>> then terminate dhcpcd; then use the recorded info and ifconfig or
>> iproute2 to create a direct connection. A script or little C program.
>
> Why not just use one of the other clients?
>
> pump drops privs
>
> udhcp drops privs
>
> it looks like dhclient can be configured to drop privs
>
> Why go throught the trouble to use dhcpcd?
>
> Regards,
>
>    - Brian
>

Thanks for the follow up.  I was following this page :

<http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?style=printable&part=4&chap=3#doc_chap3>

which describes pump as "No longer maintained upstream, unreliable,  
especially over modems, cannot get NIS servers from DHCP",
describes udhcp as "Unproven - no distro uses it by default, cannot define  
a timeout beyond 3 seconds ",
describes dhclient as "Configuration is overly complex, software is quite  
bloated .........",
and (IIUC) recommends dhcpcd ("the longtime Gentoo default") over the  
other alternatives.

Perhaps this handbook is out of date (unfortunately, the individual Gentoo  
handbook pages have no dates)?

Would certainly appreciate a contemporary recommendation. :-) (I'll be  
googling about looking for info on these other clients)

Thanks!

-- 
gentoo-security@g.o mailing list


References:
Securing dhcpcd (client)
-- 7v5w7go9ub0o
Re: [gentoo-hardened] Securing dhcpcd (client)
-- Miguel Figueiredo Mascarenhas Sousa Filipe
Re: [gentoo-hardened] Securing dhcpcd (client)
-- 7v5w7go9ub0o
Re: Re: [gentoo-hardened] Securing dhcpcd (client)
-- Brian G. Peterson
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: [gentoo-hardened] Securing dhcpcd (client)
Next by thread:
sysklog & syslog-ng: minimizing the number of root user daemons. WAS(Re: [gentoo-hardened] Reducing the number of setuids, root user daemons..et al)
Previous by date:
Re: Re: [gentoo-hardened] Securing dhcpcd (client)
Next by date:
sysklog & syslog-ng: minimizing the number of root user daemons. WAS(Re: [gentoo-hardened] Reducing the number of setuids, root user daemons..et al)


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.