Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Sep 2013 12:33:50 +0400
From: gremlin@...mlin.ru
To: owl-users@...ts.openwall.com
Subject: Re: Owl 3.0 and Virtual Machine Setup?

On 23-Sep-2013 12:45:40 -0400, Jeffrey Walton wrote:

 >>> You might be surprised and disappointed, but we do not
 >>> officially provide a DHCP client in Owl. (We do provide a
 >>> DHCP server, though.) This is something we've been meaning to
 >>> change (for use cases such as yours), by introducing a properly
 >>> privilege-separated DHCP client, but haven't gotten around to
 >>> doing yet.

^^^^^^^^^^^^^^^^^^^^^^^^^

 >> I still think installing /usr/bin/dhclient 0700 root:root for
 >> manual on-demand running (`dhclient -1 eth0`) will not impose
 >> any real risk - people who care of security normally know where
 >> and how they are connected and whether they are willing to use
 >> such connection.

 > I don't think an Owl DHCP client makes the situation any worse
 > for me.  I already have a DHCP server in place, which means I
 > accepted the risk in exchange for ease of administration.

/me too :-)

ftp://gremlin.people.openwall.com/pub/linux/Owl/RPMS.x86_64/dhcp-*.rpm

Sizes and SHA1 hashes are:

dhcp-3.0.7-owl2.x86_64.rpm		232768	303ed0c26079bd82422d3d0c16b4fb399b4a10c3
dhcp-client-3.0.7-owl2.x86_64.rpm	208556	9272e8409dcd77045dda54452e7404be81a68f77
dhcp-relay-3.0.7-owl2.x86_64.rpm	87093	69d486816b70781534a0f6349a2da6a9f5bf4123
dhcp-server-3.0.7-owl2.x86_64.rpm	307430	17595dc50ef506ab8203f822ea0e019225901722

 > Are there any other security related issues specific to the client
 > at the network layer? Or, are the problems/concern centered around
 > a privileged separated client on the Owl machine?

Yes, and Solar clearly stated that - see above (underlined by me).


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ