dhcpcd-discuss

On 2019/11/13 20:33, Tim Tassonis wrote:
> On 11/13/19 12:24 PM, Roy Marples wrote:
> > Hi List
> > 
> > There has been interest in some camps for importing dhcpcd into their
> > base system, but a lack of priviledge separation is currently a show
> > stopper.
> > 
> > I've been working on this for a month now and have a basic working
> > model, but only for master mode opertaions. I aim to make it work for
> > all modes before pushing my changes - although it may not work on
> > Solaris initially.

Thanks Roy, this is very welcome!

> Sounds a bit surprising wanting to run dhcpcd in a privsep mode, as I
> thought that almost anything it does requires root privileges?

Acting on the information learned from DHCP usually does require privs,
but parsing DHCP packets from what is often an untrusted network
doesn't. Generally (you can look at OpenBSD's dhclient as an example,
it has done this for 15 years) the parts dealing with the network data
are tightly locked down, and use a simple interface to communicate with
the parts that do have the ability to make privileged changes.