Gentoo Archives: gentoo-security

From: Miguel Figueiredo Mascarenhas Sousa Filipe <miguel.filipe@×××××.com>
To: gentoo-hardened@l.g.o
Cc: gentoo-security@l.g.o
Subject: [gentoo-security] Re: [gentoo-hardened] Securing dhcpcd (client)
Date: Mon, 09 Oct 2006 11:27:21
In Reply to: [gentoo-security] Securing dhcpcd (client) by 7v5w7go9ub0o <>

On 10/8/06, 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> wrote:
> It is my understanding that dhcpcd client requires root or a
> privileged user. Am presently running dhcpcd in a chroot jail (ssp and
> grsecurity-hardened kernel) as user root (ugh). (This is a laptop used
> at hotspots, so I think I need to use dhcp).
Not all dhcp clients run as root. In Ubuntu Linux, the dhclient is running with the "daemon" user. I haven't looked carefully at how to accomplish this in Gentoo, but I will.
>
> Other distributions distribute dhcpcd with a "paranoia" patch incorporated
>
> <>
>
> which allows the dropping of privilege and changing of user/group after startup.
It would be nice to have that integrated.
>
> Questions:
>
> 1 Does Gentoo have an "official" way to apply this patch.
>
> 2 Presuming that it doesn't, I guess that I'll ebuild unpack: patch
> the source manually; ebuild merge !?
>
> 3. Are there other ways to deal with this potential vulnerability
> (privileged process listening on an open port (68) )? (e.g. using
> selfdhcp and effecting a manual connection?)
>
Privilege revocation/separation in the application in this case seems the better way.
> TIA, newbie
> --
> gentoo-hardened@g.o mailing list
>
Best regards,
--
Miguel Sousa Filipe
--
gentoo-security@g.o mailing list
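
The privilege revocation discussed in this thread, as an added example that is not part of the original messages and is not the "paranoia" patch's code: a process binds UDP port 68 while still root, then switches to an unprivileged user/group and checks that root cannot be regained. The helper names and the uid/gid taken from the command line are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind the DHCP client port (68/udp) while still privileged. */
int bind_dhcp_client_port(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(68);
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Hypothetical helper: switch to uid/gid for good. Returns 0 on success, <0 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return -1;     /* refuse to "drop" to root */
    if (setgroups(1, &gid) != 0) return -2;  /* shed root's supplementary groups first */
    if (setgid(gid) != 0) return -3;         /* group before user: setgid needs root */
    if (setuid(uid) != 0) return -4;         /* as root: sets real, effective and saved uid */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) return -5;
    if (setuid(0) == 0) return -6;           /* root was regained: the drop did not hold */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s uid gid\n", argv[0]); return 2; }
    int fd = bind_dhcp_client_port();
    if (fd < 0) { perror("bind port 68"); return 1; }
    int rc = drop_privileges((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2]));
    if (rc != 0) { fprintf(stderr, "privilege drop failed (%d)\n", rc); return 1; }
    printf("fd %d bound to port 68, now uid=%d gid=%d\n", fd, (int)getuid(), (int)getgid());
    /* Untrusted packets would be read from fd here, without root. */
    close(fd);
    return 0;
}
```

Every return value is checked because a silently failed setuid() leaves the process running as root; the order (groups, gid, uid) matters since the group calls stop working once the uid is no longer 0.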