Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Sep 2013 12:45:40 -0400
From: Jeffrey Walton <noloader@...il.com>
To: owl-users@...ts.openwall.com
Subject: Re: Owl 3.0 and Virtual Machine Setup?

On Mon, Sep 23, 2013 at 4:55 AM,  <gremlin@...mlin.ru> wrote:
> On 21-Sep-2013 02:47:51 +0400, Solar Designer wrote:
>
>  >> Would you happen to know how to start the dhcp client?
>
>  > You might be surprised and disappointed, but we do not
>  > officially provide a DHCP client in Owl. (We do provide
>  > a DHCP server, though.) This is something we've been
>  > meaning to change (for use cases such as yours), by
>  > introducing a properly privilege-separated DHCP client,
>  > but haven't gotten around to doing yet.
>
> I still think installing /usr/bin/dhclient 0700 root:root
> for manual on-demand running (`dhclient -1 eth0`) will not
> impose any real risk - people who care of security normally
> know where and how they are connected and whether they are
> willing to use such connection.
Forgive my ignorance here.... I know of two issues with DHCP and both
are server related. First is lack of authentication between DHCP
client, server, and network; and second is a DoS attack on DNS servers
through DHCP server acing as a proxy for a client.

I don't think an Owl DHCP client makes the situation any worse for me.
I already have a DHCP server in place, which means I accepted the risk
in exchange for ease of administration.

Are there any other security related issues specific to the client at
the network layer? Or, are the problems/concern centered around a
privileged separated client on the Owl machine?

Jeff

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ