Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 17 Apr 2011 07:47:01 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: DHCP client

Hi,

Nikola - this might be a challenging task for you... or someone else may
volunteer for it.

We need a DHCP client with privilege separation.  Juan on our team did
some work on this several years ago, but he never completed it and he is
not going to.  Meanwhile, OpenBSD implemented privsep in their fork of
ISC's dhclient, and this code got into FreeBSD and DragonFly BSD, but it
has not yet been ported to Linux (as far as I'm aware).

I think that we should either port OpenBSD's dhclient to Linux or port
the relevant ones of their changes to ISC's portable DHCP suite.  In the
former case, we'll have separate directory Owl/packages/dhclient/ in our
native tree for the DHCP client.  In the latter case, we'll have more
patches under Owl/packages/dhcp/ and we'll enable building of the DHCP
client in dhcp.spec (which is currently disabled because of the lack of
privsep).  Also, in the latter case we need to update to a newer
upstream version (latest stable) of the DHCP suite first.

I'd appreciate any comments.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ