Re: Fwd: FreeBSD Security Advisory FreeBSD-SA-20:26.dhclient
Roy Marples
Thu Sep 03 03:39:34 2020
Hi Ben
On 03/09/2020 02:37, Ben Woods wrote:
> I just saw this security advisory for the FreeBSD dhclient (not dhcpcd).
> But I was curious on a couple of items:
> 1. Is dhcpcd susceptible to this also?
Not afaik.
The equivalent code in dhcpcd looks nothing like FreeBSD dhclient and it's also
been audited by Google and a few other vendors.
> 2. Is the dhcpcd process that interprets the option 19 response also running as
> a low privileged user in a sandbox?
Yes (all options, 19, but I think you meant 119).
It's also in capsicum limited process on FreeBSD as well.
Basically, *everything* with parsing the DHCP message is done in a low privileged
process. There are no exceptions.
Address and routes are upstreamed to the privileged process as generic commands
and everything else is offloaded to dhcpcd-run-hooks as environment variables.
Please note that dhcpcd does nothing to protect against ShellShock [1] and it's
up to the upstream distro to solve that.
Roy
[1] https://en.wikipedia.org/wiki/Shellshock_(software_bug)
PS - I note FreeBSD ports is slightly behind on dhcpcd versions.
Saying that, I will hopefully put out a new version over the weekend which
mainly solves minor bugs from the prior release.