Package: ifupdown
Version: 0.7.54
Severity: important
Tags: security

Hi.

Apparently, when a dhcp configured interface is started via ifupdown, then settings in dhclient.conf are ignored.

This applies at least to, e.g.:
  supersede domain-search
which it would still take from the server, even if intentionally overwritten in the config.

Interestingly, network manager does it right and adheres to the set option (the first time ever NM did something right which I've noted ifupdown does badly wrong).

Since rogue DHCP servers (and basically every mobile system uses them) could use this to tamper with many security-relevant settings of a client (DNS search, NTP servers, just to name a few), I mark it important and tag security.

Cheers,
Chris.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ifupdown depends on:
ii  adduser      3.113+nmu3
ii  initscripts  2.88dsf-59.2
ii  iproute2     4.3.0-1
ii  libc6        2.19-22
ii  lsb-base     9.20150917

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.3.3-5

Versions of packages ifupdown suggests:
ii  ppp     2.4.6-3.1
pn  rdnssd  <none>

-- debconf information excluded
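
Added example, not part of the original report and not ifupdown or isc-dhcp-client code: one way to check a host for the symptom described above, by comparing the supersede statements in dhclient.conf with what ended up in resolv.conf. The sample file contents and the function names are constructed for illustration, and the check assumes resolv.conf is written directly from the lease (no resolvconf or systemd-resolved in between).

```python
import re

# Constructed sample inputs (not taken from the report).
DHCLIENT_CONF = '''
# /etc/dhcp/dhclient.conf (constructed sample)
request subnet-mask, routers, domain-name-servers, domain-search;
supersede domain-search "corp.example", "lab.example";
supersede domain-name-servers 192.0.2.53;
'''
RESOLV_CONF = '''
# /etc/resolv.conf after ifup (constructed sample)
search hotspot.invalid
nameserver 192.0.2.53
'''
# dhclient option name -> resolv.conf keyword it ends up under
OPTION_TO_KEYWORD = {'domain-search': 'search',
                     'domain-name-servers': 'nameserver'}

def supersede_options(conf_text):
    """Return {option: [values]} for every 'supersede' statement."""
    text = re.sub(r'#.*', '', conf_text)  # drop comments
    found = {}
    for name, raw in re.findall(r'\bsupersede\s+([\w-]+)\s+([^;]+);', text):
        found[name] = [v.strip().strip('"') for v in raw.split(',')]
    return found

def resolv_values(resolv_text, keyword):
    """Collect the effective values for one resolv.conf keyword."""
    vals = []
    for line in resolv_text.splitlines():
        parts = line.split('#')[0].split()
        if parts and parts[0] == keyword:
            # the last 'search' line wins; 'nameserver' lines accumulate
            vals = parts[1:] if keyword == 'search' else vals + parts[1:]
    return vals

def ignored_supersedes(conf_text, resolv_text):
    """Report superseded options whose effective value differs."""
    wanted = supersede_options(conf_text)
    findings = {}
    for opt, keyword in OPTION_TO_KEYWORD.items():
        if opt in wanted:
            effective = resolv_values(resolv_text, keyword)
            if effective != wanted[opt]:
                findings[opt] = {'configured': wanted[opt],
                                 'effective': effective}
    return findings

if __name__ == '__main__':
    for opt, f in ignored_supersedes(DHCLIENT_CONF, RESOLV_CONF).items():
        print(f"{opt}: configured {f['configured']}, effective {f['effective']}")
```

On a real host, read /etc/dhcp/dhclient.conf and /etc/resolv.conf into the two arguments after bringing the interface up with ifup.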