dhcpcd-discuss

On 11/13/19 9:27 PM, Stuart Henderson wrote:
> On 2019/11/13 20:33, Tim Tassonis wrote:
> > On 11/13/19 12:24 PM, Roy Marples wrote:
> > > Hi List
> > >
> > > There has been interest in some camps for importing dhcpcd into their
> > > base system, but a lack of priviledge separation is currently a show
> > > stopper.
> > >
> > > I've been working on this for a month now and have a basic working
> > > model, but only for master mode opertaions. I aim to make it work for
> > > all modes before pushing my changes - although it may not work on
> > > Solaris initially.
>
> Thanks Roy, this is very welcome!
>
> > Sounds a bit surprising wanting to run dhcpcd in a privsep mode, as I
> > thought that almost anything it does requires root privileges?
>
> Acting on the information learned from DHCP usually does require privs,
> but parsing DHCP packets from what is often an untrusted network
> doesn't. Generally (you can look at OpenBSD's dhclient as an example,
> it has done this for 15 years) the parts dealing with the network data
> are tightly locked down, and use a simple interface to communicate with
> the parts that do have the ability to make privileged changes.

Ok, you got me here: the environment dhcpcd gets its input from clearly 
can be very untrusted, so doing everything to mitigate any data 
processing obviously makes a lot of sense.

I will therefore definitely try out the new privsep mode.

Bye
Tim