On 23-Sep-2013 12:45:40 -0400, Jeffrey Walton wrote: >>> You might be surprised and disappointed, but we do not >>> officially provide a DHCP client in Owl. (We do provide a >>> DHCP server, though.) This is something we've been meaning to >>> change (for use cases such as yours), by introducing a properly >>> privilege-separated DHCP client, but haven't gotten around to >>> doing yet.
^^^^^^^^^^^^^^^^^^^^^^^^^ >> I still think installing /usr/bin/dhclient 0700 root:root for >> manual on-demand running (`dhclient -1 eth0`) will not impose >> any real risk - people who care of security normally know where >> and how they are connected and whether they are willing to use >> such connection. > I don't think an Owl DHCP client makes the situation any worse > for me. I already have a DHCP server in place, which means I > accepted the risk in exchange for ease of administration. /me too :-) ftp://gremlin.people.openwall.com/pub/linux/Owl/RPMS.x86_64/dhcp-*.rpm Sizes and SHA1 hashes are: dhcp-3.0.7-owl2.x86_64.rpm 232768 303ed0c26079bd82422d3d0c16b4fb399b4a10c3 dhcp-client-3.0.7-owl2.x86_64.rpm 208556 9272e8409dcd77045dda54452e7404be81a68f77 dhcp-relay-3.0.7-owl2.x86_64.rpm 87093 69d486816b70781534a0f6349a2da6a9f5bf4123 dhcp-server-3.0.7-owl2.x86_64.rpm 307430 17595dc50ef506ab8203f822ea0e019225901722 > Are there any other security related issues specific to the client > at the network layer? Or, are the problems/concern centered around > a privileged separated client on the Owl machine? Yes, and Solar clearly stated that - see above (underlined by me). -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
pgp3ahS_9k_kV.pgp
Description: PGP signature
