Date: Tue, 13 Aug 2013 23:08:54 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: helmut@...divi.de Subject: Re: ISC DHCP client and unsolicited DHCP options On Sun, 28 Jul 2013 15:30:27 +0200 Helmut Grohne wrote: > At least on Debian, the default configuration requests the host-name > option. The dhclient-script then evaluates this option and thereby > enables a DHCP server to change the hostname if the current hostname > is "(none)", "localhost" or a previously sent hostname. Changing the > hostname can have undesired consequences such as breaking a running > X11 session (can be considered remote denial of service). > > That is why a number of people (including me) remove host-name from > the requested options. Now given the new findings, a DHCP server can > still change the hostname of a connecting client by first sending an > unsolicited host-name option with the current hostname and then > changing the hostname in a RENEW. Guessing the current hostname > should be easy in the presence of avahi or similar services. The dhclient-script in dhcp packages in recent Fedora and Red Hat Enterprise Linux versions allow administrator to define hook scripts which are sourced by the dhclient-script. Those hooks can unset environment variables set by dhclient before they are processed by the dhclient-script. Not sure if other distros may want to add similar mechanism: http://pkgs.fedoraproject.org/cgit/dhcp.git/plain/dhclient-script But as mentioned before, NetworkManager does its own processing and does not use the standard dhclient-script. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.