dhcpcd-discuss

On 13/11/2019 11:24, Roy Marples wrote:
> My current plan is to finish my privsep work, push the required changes 
> for it into master and then fork off a dhcpcd-8 branch. So consider this 
> an annoncement that no new features will be added to dhcpcd-8 and it 
> will only get serious issues fixed from this point on.
>
> As part of the privsep work, the RUNDIR needs changing from /var/run to 
> /var/run/dhcpcd so that the unprivledged main process can exit cleanly.
> Other than that, the privsep code is *optional* so you don't have to 
> compile it in. But if you do, it will always run in privsep mode and a 
> user will be required to be added to the system - default _dhcpcd but 
> can be changed.

dhcpcd-8 has now been branched and will only get security updates.

Priviledge separation has now been added to master - not enabled by 
default. For implementation details, see the commit message.

TL;DR guide:
cd ~/src
git clone git://roy.marples.name/dhcpcd.git
useradd -d /nonexistant -s /sbin/nologin -c '& pseudo-user' _dhcpcd
./configure --enable-privsep
make
make proginstall

Note that ASAN is enabled if the compiler supports it and dhcpcd is 
configured from a git clone. This is quite memory intensive and top / ps 
will report weird values. Edit config.mk after configure and remove the 
respective flags before compiling if you don't want this.

Hopefully people can test this and let me know of any issues, concerns, 
etc. Even an OMG It works!! would be appreciated as I've spent a lot of 
free time working on this.

Roy