DHCPv6 client in base

Ben Woods woodsb02 at gmail.com
Mon Oct 14 22:41:50 UTC 2019


On Sat, 12 Oct 2019 at 1:45 am, Brooks Davis <brooks at freebsd.org> wrote:

> DHCP is one of the most exposed attack surfaces in existence.  We expect
> it to take input from explicitly untrustworthy networks and perform
> actions as root.  It might be OK to import this as a stopgap only
> supporting IPv6, but without capsicum or privilege separation (as noted
> elsewhere in the thread) it seems unlikely to be a good idea to enable it
> by default or replace the existing IPv4 dhclient.
>
> -- Brooks
>
Hi Brooks,

Thanks for the feedback.

Roy Marples (the main dhcpcd) has already begun working on privilege
separating dhcpcd based on your feedback.

Have you or Roy got any thoughts on how the privilege separation might be
structured?
- main process
- network listener
- packet interpreter
- hook runner and scripts

It’s obviously the packet interpreter that is the risky part, but does not
need privileges.

FreeBSD has the “_dhcp” user which I assume could be used for running these
low privilege tasks?

Roy is not intending to work on capsicum support in dhcpcd, but I think
once the privilege separation has been done it will be easier to add that
support.

Regards,
Ben
-- 

--
From: Benjamin Woods
woodsb02 at gmail.com
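
A sketch of the split discussed in this message, as an added example that is not part of the original post and is not dhcpcd's code: the parent forks a packet interpreter that drops to the `_dhcp` user and hands back only a fixed-size struct over a socketpair. The function names, the struct and the sample packet are assumptions made for illustration, and only the 4-byte DHCPv6 message header is parsed.

```c
#include <sys/socket.h>
#include <sys/wait.h>
#include <grp.h>
#include <pwd.h>
#include <stdint.h>
#include <unistd.h>
/* Fixed-size result: the only data the privileged parent accepts back. */
struct parsed { int ok; uint8_t msg_type; uint32_t xid; };

/* Risky part: parses untrusted bytes. RFC 8415: msg-type (1 byte), xid (3). */
static struct parsed parse_dhcp6(const uint8_t *p, size_t len) {
    struct parsed r = {0, 0, 0};
    if (len < 4 || p[0] == 0) return r;      /* truncated or reserved type */
    r.ok = 1; r.msg_type = p[0];
    r.xid = ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    return r;
}

/* Irreversibly become `user`: supplementary groups, then gid, then uid. */
static int drop_privs(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || setgroups(1, &pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    return setuid(0) == -1 ? 0 : -1;         /* regaining root must fail */
}

/* Parent side. user == NULL skips the drop so the demo runs without root. */
static struct parsed interpret_in_child(const uint8_t *pkt, size_t len, const char *user) {
    struct parsed r = {0, 0, 0}, out;
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return r;
    pid_t pid = fork();
    if (pid == 0) {                          /* child: packet interpreter */
        close(sv[0]);
        if (user != NULL && drop_privs(user) != 0) _exit(1);
        out = parse_dhcp6(pkt, len);
        _exit(write(sv[1], &out, sizeof out) == (ssize_t)sizeof out ? 0 : 1);
    }
    close(sv[1]);
    if (read(sv[0], &r, sizeof r) != (ssize_t)sizeof r || r.ok != 1)
        r = (struct parsed){0, 0, 0};        /* child died or sent junk */
    close(sv[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return r;
}

int main(void) {   /* constructed sample packet; drops to _dhcp only as root */
    const uint8_t pkt[] = {0x02, 0x12, 0x34, 0x56};
    return !interpret_in_child(pkt, sizeof pkt, geteuid() == 0 ? "_dhcp" : NULL).ok;
}
```

For brevity the child inherits the packet through `fork()`; a long-lived interpreter would receive each packet over the same socketpair instead.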

