Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 13 Aug 2013 23:08:54 +0200
From: Tomas Hoger <>
Subject: Re: ISC DHCP client and unsolicited DHCP options

On Sun, 28 Jul 2013 15:30:27 +0200 Helmut Grohne wrote:

> At least on Debian, the default configuration requests the host-name
> option. The dhclient-script then evaluates this option and thereby
> enables a DHCP server to change the hostname if the current hostname
> is "(none)", "localhost" or a previously sent hostname. Changing the
> hostname can have undesired consequences such as breaking a running
> X11 session (can be considered remote denial of service).
> That is why a number of people (including me) remove host-name from
> the requested options. Now given the new findings, a DHCP server can
> still change the hostname of a connecting client by first sending an
> unsolicited host-name option with the current hostname and then
> changing the hostname in a RENEW. Guessing the current hostname
> should be easy in the presence of avahi or similar services.

The dhclient-script in dhcp packages in recent Fedora and Red Hat
Enterprise Linux versions allow administrator to define hook scripts
which are sourced by the dhclient-script.  Those hooks can unset
environment variables set by dhclient before they are processed by the
dhclient-script.  Not sure if other distros may want to add similar

But as mentioned before, NetworkManager does its own processing and
does not use the standard dhclient-script.

Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.