Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-hardened@g.o
From: "Miguel Figueiredo Mascarenhas Sousa Filipe" <miguel.filipe@...>
Subject: Re: [gentoo-hardened] Securing dhcpcd (client)
Date: Mon, 9 Oct 2006 12:18:36 +0100

On 10/8/06, 7v5w7go9ub0o <7v5w7go9ub0o@...> wrote:
> It is my understanding that dhcpcd client requires root or a
> privileged user. Am presently running dhcpcd in a chroot jail (ssp and
> grsecurity-hardened kernel) as user root (ugh). (This is a laptop used
> at hotspots, so I think I need to use dhcp).

Not all dhcp clients run has root.

in ubuntu linux, the dhclient is running with "daemon" user.
I haven't looked carefully how to acomplish this in gentoo.. but I will.

> Other distributions distribute dhcpcd with a "paranoia" patch incorporated
> <>
> which allows the dropping of privilege and changing of user/group after startup.

It would be nice to have that integrated.

> Questions:
> 1 Does Gentoo have an "official" way to apply this patch.
> 2 Presuming that it doesn't, I guess that I'll ebuild unpack: patch
> the source manually; ebuild merge !?
> 3. Are there other ways to deal with this potential vulnerability
> (privileged process listening on an open port (68) )?  (e.g. using
> selfdhcp and effecting a manual connection?)

privilege revocation/separation on the aplication in case seems the better way.

> TIA, newbie
> --
> gentoo-hardened@g.o mailing list

Best regards,

Miguel Sousa Filipe
gentoo-security@g.o mailing list

Securing dhcpcd (client)
-- 7v5w7go9ub0o
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: Securing dhcpcd (client)
Next by thread:
Re: [gentoo-hardened] Securing dhcpcd (client)
Previous by date:
Re: ***SPAM*** Re: Using a gentoo box to cache windows updates & mac updates
Next by date:
Re: [gentoo-hardened] Securing dhcpcd (client)

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.