dhcpcd-discuss

On Thu, 3 Sep 2020 at 10:39, Roy Marples <roy@xxxxxxxxxxxx> wrote:

> Hi Ben
>
> On 03/09/2020 02:37, Ben Woods wrote:
> > I just saw this security advisory for the FreeBSD dhclient (not dhcpcd).
> >
> > But I was curious on a couple of items:
> >
> >  1. Is dhcpcd susceptible to this also?
>
> Not afaik.
> The equivalent code in dhcpcd looks nothing like FreeBSD dhclient and it's
> also
> been audited by Google and a few other vendors.
>
> >  2. Is the dhcpcd process that interprets the option 19 response also
> running as
> >     a low privileged user in a sandbox?
>
> Yes (all options, 19, but I think you meant 119).
> It's also in capsicum limited process on FreeBSD as well.
>
> Basically, *everything* with parsing the DHCP message is one in a low
> privileged
> procesess. There are no exceptions.
>
> Address and routes are upstreamed to the privileged process as generic
> commands
> and everything else is offloaded to dhcpcd-run-hooks as environment
> variables.
> Please note that dhcpcd does nothing to protect against ShellShock [1] and
> it's
> upto the upsteam distro to solve that.
>
> Roy
>
> [1] https://en.wikipedia.org/wiki/Shellshock_(software_bug)


Thanks for those answers Roy - that's what I thought, but just wanted to
confirm.

PS - I note FreeBSD ports is slightly behind on dhcpcd versions.
> Saying that, I will hopefully put out a new version over the weekend which
> mainly solved minor bugs from the prior release.
>


I have just committed 2 changes to FreeBSD ports:
1. Removed net/dhcpcd-devel - no longer required since the stable release
of 9.1.0, since it was mostly used to support broader testing of the
capsicum and privilege separation development efforts.
2. Updated net/dhcpcd to 9.1.4 - I will keep a lookout for another release
this weekend. Sorry it got outdated for a bit - life got away from me.

Regards,
Ben