Hi,

On 10/8/06, 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> wrote:
> It is my understanding that dhcpcd client requires root or a
> privileged user. Am presently running dhcpcd in a chroot jail (ssp and
> grsecurity-hardened kernel) as user root (ugh). (This is a laptop used
> at hotspots, so I think I need to use dhcp).

Not all dhcp clients run as root.

In Ubuntu Linux, the dhclient is running with "daemon" user.
I haven't looked carefully how to accomplish this in Gentoo.. but I will.
|
>
> Other distributions distribute dhcpcd with a "paranoia" patch incorporated
>
> <http://www.episec.com/people/edelkind/patches/dhcp/dhcp-2.0+paranoia.patch>
>
> which allows the dropping of privilege and changing of user/group after startup.

It would be nice to have that integrated.
|
>
> Questions:
>
> 1 Does Gentoo have an "official" way to apply this patch.
>
> 2 Presuming that it doesn't, I guess that I'll ebuild unpack: patch
> the source manually; ebuild merge !?
>
> 3. Are there other ways to deal with this potential vulnerability
> (privileged process listening on an open port (68) )? (e.g. using
> selfdhcp and effecting a manual connection?)
>
|
Privilege revocation/separation on the application in this case seems the better way.

> TIA, newbie
> --
> gentoo-hardened@g.o mailing list
>
|
Best regards,

--
Miguel Sousa Filipe
--
gentoo-security@g.o mailing list
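
The privilege drop after startup that the quoted message describes, as an added example (not code from the paranoia patch, dhcpcd or this thread): the process binds UDP port 68 while still root, then permanently switches to an unprivileged account and checks that root cannot be regained. The function names and the uid/gid 65534 are assumptions for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes setgroups() under strict -std= modes */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK = 0, DROP_NOT_ROOT, DROP_BAD_TARGET, DROP_FAILED };

/* Open the DHCP client port (68/udp) while still privileged; fd or -1. */
int bind_dhcp_client_port(void) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(68) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Permanently switch to uid/gid. Order matters: groups, then gid, then uid;
 * once the uid is gone the process can no longer change its groups. */
enum drop_result drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return DROP_BAD_TARGET;  /* would keep root */
    if (geteuid() != 0) return DROP_NOT_ROOT;          /* nothing to give up */
    if (setgroups(1, &gid) != 0) return DROP_FAILED;   /* shed root's extra groups */
    if (setgid(gid) != 0) return DROP_FAILED;          /* real, effective, saved gid */
    if (setuid(uid) != 0) return DROP_FAILED;          /* real, effective, saved uid */
    /* Verify: regaining root must fail and the ids must be the new ones. */
    if (setuid(0) == 0 || seteuid(0) == 0) return DROP_FAILED;
    if (getuid() != uid || geteuid() != uid || getegid() != gid) return DROP_FAILED;
    return DROP_OK;
}

int main(void) {
    int fd = bind_dhcp_client_port();  /* needs root: port 68 is below 1024 */
    if (fd < 0) { perror("bind 68/udp"); return 1; }
    enum drop_result r = drop_privileges(65534, 65534);  /* assumed unprivileged ids */
    if (r != DROP_OK) {  /* never continue with partial privileges */
        fprintf(stderr, "privilege drop failed (%d)\n", (int)r);
        return 1;
    }
    printf("holding fd %d as uid %d gid %d\n", fd, (int)getuid(), (int)getgid());
    close(fd);
    return 0;
}
```

The socket opened before the drop stays usable afterwards, which is why the bind has to come first.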