From owner-freebsd-net@freebsd.org Sun Oct 13 20:20:49 2019 Return-Path: <owner-freebsd-net@freebsd.org> Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 662DBB499C for <freebsd-net@mailman.nyi.freebsd.org>; Sun, 13 Oct 2019 20:20:49 +0000 (UTC) (envelope-from roy@marples.name) Received: from relay2.marples.name (relay2.marples.name [77.68.23.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay2.marples.name", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46rtNw2Z4bz4Vys for <freebsd-net@freebsd.org>; Sun, 13 Oct 2019 20:20:48 +0000 (UTC) (envelope-from roy@marples.name) Received: from mail.marples.name (cpc115040-bour7-2-0-cust370.15-1.cable.virginm.net [81.108.15.115]) by relay2.marples.name (Postfix) with ESMTPS id 242FC7A2 for <freebsd-net@freebsd.org>; Sun, 13 Oct 2019 20:20:37 +0000 (UTC) Received: from [10.73.1.30] (unknown [10.73.1.30]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.marples.name (Postfix) with ESMTPSA id 665801CD56B; Sun, 13 Oct 2019 21:18:46 +0100 (BST) Subject: Re: DHCPv6 client in base To: Hiroki Sato <hrs@allbsd.org>, woodsb02@gmail.com Cc: hrs@freebsd.org, brooks@freebsd.org, julian@freebsd.org, driesm.michiels@gmail.com, freebsd-net@freebsd.org References: <CAOc73CCLPmB7m3yaDE7p4izJ8apaO5jcyRPyLkSJtopqsHxtSQ@mail.gmail.com> <CAOc73CD5dAn95mMuzxeNKoJGxdmZF-ChYFm49tLdKca00OSv8w@mail.gmail.com> <CAOc73CBzvRD0Je5+XQJ9_UqTP2_cgJvc7_7JTU0fjKBCVnTt-w@mail.gmail.com> <20191014.043209.919156653743886519.hrs@allbsd.org> From: Roy Marples <roy@marples.name> Message-ID: <f3c51ba5-ebad-4f2f-2ae5-ab08055f6b6b@marples.name> Date: Sun, 13 Oct 2019 21:20:32 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20191014.043209.919156653743886519.hrs@allbsd.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 46rtNw2Z4bz4Vys X-Spamd-Bar: / X-Spamd-Result: default: False [-0.95 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[marples.name:s=mail]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:relay2.marples.name]; NEURAL_HAM_LONG(-0.97)[-0.970,0]; TAGGED_RCPT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; NEURAL_HAM_MEDIUM(-0.88)[-0.883,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[marples.name:+]; DMARC_POLICY_ALLOW(-0.50)[marples.name,quarantine]; RCPT_COUNT_SEVEN(0.00)[7]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.40)[asn: 8560(2.03), country: DE(-0.01)]; ASN(0.00)[asn:8560, ipnet:77.68.0.0/17, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; SUSPICIOUS_RECIPS(1.50)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/> List-Post: <mailto:freebsd-net@freebsd.org> List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=subscribe> X-List-Received-Date: Sun, 13 Oct 2019 20:20:49 -0000 On 13/10/2019 20:32, Hiroki Sato wrote: > Ben Woods <woodsb02@gmail.com> wrote > in <CAOc73CBzvRD0Je5+XQJ9_UqTP2_cgJvc7_7JTU0fjKBCVnTt-w@mail.gmail.com>: > > wo> On Fri, 11 Oct 2019 at 08:32, Ben Woods <woodsb02@gmail.com> wrote: > wo> As promised, I have completed my initial work to import dhcpcd into FreeBSD > wo> base, and it is ready for review, testing and comment at the link below. > wo> https://reviews.freebsd.org/D22012 > wo> > wo> As per the comment from brooks@, I have opted to have it installed in > wo> parallel with dhclient (which remains the default). > > How do you want to proceed the discussion? I sent my view and made > myself clear that importing dhcpcd into the base system as-is is not > a good idea. What is your answer to my concerns? I also agree with > Brooks about a need for sandboxing before the import if it will > happen. Do you have any plan to add changes to the imported dhcpcd? Sorry if it was not clear. The discussion involves what is the required acceptance for Priviledge Seperation because this is quite new to me. My current idea is to open DHCP, IPv6RA and DHCP6 ports, chroot, drop privs and fork. This concept is pretty standard thus far. These are listening ports only and will dry-run any received message through dhcpcd's two commons paths: 1) extract address and routing information without applying it 2) environment option generation from the whole message Once done, the message is passed verbatim back to dhcpcd for doing the same tasks but actually configuring the host. I've started work on implementing this and hopefully it will add value and security. If anyone thinks this is wrong, or there is a better way or I've missed something blazingly obvious, now is the time to tell me! The tricky part will be handling BPF (for BOOTP and ARP) because of the needs of how dhcpcd works. I think I'll need to spawn an unpriv process per BPF as needed and this part will probably be implemeted last. Roy