Gentoo Linux -- List Archive: gentoo-security

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647

List Archive: gentoo-security

Navigation:

Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >

Headers:

To:	gentoo-security@g.o
From:	7v5w7go9ub0o <7v5w7go9ub0o@...>
Subject:	Securing dhcpcd (client)
Date:	Sun, 8 Oct 2006 17:26:56 -0400

It is my understanding that dhcpcd client requires root or a
privileged user. Am presently running dhcpcd in a chroot jail (ssp and
grsecurity-hardened kernel) as user root (ugh). (This is a laptop used
at hotspots, so I think I need to use dhcp).

Other distributions distribute dhcpcd with a "paranoia" patch incorporated

<http://www.episec.com/people/edelkind/patches/dhcp/dhcp-2.0+paranoia.patch>

which allows the dropping of privilege and changing of user/group after startup.

Questions:

1 Does Gentoo have an "official" way to apply this patch.

2 Presuming that it doesn't, I guess that I'll ebuild unpack: patch
the source manually; ebuild merge !?

3. Are there other ways to deal with this potential vulnerability
(privileged process listening on an open port (68) )?  (e.g. using
selfdhcp and effecting a manual connection?)

TIA, newbie
-- 
gentoo-security@g.o mailing list

Replies:

Re: [gentoo-hardened] Securing dhcpcd (client)
-- Miguel Figueiredo Mascarenhas Sousa Filipe

Re: Securing dhcpcd (client)
-- Brian G. Peterson

Navigation:

Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >

Previous by thread:

Re: Digest of gentoo-security@g.o issue 51 (681-698)

Next by thread:

Re: Securing dhcpcd (client)

Previous by date:

Re: Re: Digest of gentoo-security@g.o issue 51 (681-698)

Next by date:

Re: Securing dhcpcd (client)

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.