Subject: Re: DHCPv6 client in base
To: Hiroki Sato <hrs@allbsd.org>, woodsb02@gmail.com
Cc: hrs@freebsd.org, brooks@freebsd.org, julian@freebsd.org,
 driesm.michiels@gmail.com, freebsd-net@freebsd.org
References: <CAOc73CCLPmB7m3yaDE7p4izJ8apaO5jcyRPyLkSJtopqsHxtSQ@mail.gmail.com>
 <CAOc73CD5dAn95mMuzxeNKoJGxdmZF-ChYFm49tLdKca00OSv8w@mail.gmail.com>
 <CAOc73CBzvRD0Je5+XQJ9_UqTP2_cgJvc7_7JTU0fjKBCVnTt-w@mail.gmail.com>
 <20191014.043209.919156653743886519.hrs@allbsd.org>
From: Roy Marples <roy@marples.name>
Message-ID: <f3c51ba5-ebad-4f2f-2ae5-ab08055f6b6b@marples.name>
Date: Sun, 13 Oct 2019 21:20:32 +0100
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>

On 13/10/2019 20:32, Hiroki Sato wrote:
> Ben Woods <woodsb02@gmail.com> wrote
>    in <CAOc73CBzvRD0Je5+XQJ9_UqTP2_cgJvc7_7JTU0fjKBCVnTt-w@mail.gmail.com>:
> 
> wo> On Fri, 11 Oct 2019 at 08:32, Ben Woods <woodsb02@gmail.com> wrote:
> wo> As promised, I have completed my initial work to import dhcpcd into FreeBSD
> wo> base, and it is ready for review, testing and comment at the link below.
> wo> https://reviews.freebsd.org/D22012
> wo>
> wo> As per the comment from brooks@, I have opted to have it installed in
> wo> parallel with dhclient (which remains the default).
> 
>   How do you want to proceed with the discussion?  I sent my view and made
>   myself clear that importing dhcpcd into the base system as-is is not
>   a good idea.  What is your answer to my concerns?  I also agree with
>   Brooks about a need for sandboxing before the import if it will
>   happen.  Do you have any plan to add changes to the imported dhcpcd?

Sorry if it was not clear. The discussion involves what is the required
acceptance for Privilege Separation because this is quite new to me.

My current idea is to open DHCP, IPv6RA and DHCP6 ports, chroot, drop 
privs and fork. This concept is pretty standard thus far. These are 
listening ports only and will dry-run any received message through
dhcpcd's two common paths:
   1) extract address and routing information without applying it
   2) environment option generation from the whole message

Once done, the message is passed verbatim back to dhcpcd for doing the 
same tasks but actually configuring the host.

I've started work on implementing this and hopefully it will add value 
and security. If anyone thinks this is wrong, or there is a better way 
or I've missed something blazingly obvious, now is the time to tell me!

The tricky part will be handling BPF (for BOOTP and ARP) because of the
needs of how dhcpcd works. I think I'll need to spawn an unpriv process
per BPF as needed and this part will probably be implemented last.

Roy
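
The pattern described in the message above (confine a worker, dry-run the received message there, hand it back verbatim only if it parses), as an added example that is not part of the original message and is not dhcpcd code. Assumptions: the names dryrun_dhcp6 and privsep_check are hypothetical, uid/gid 65534 is a placeholder unprivileged account, a socketpair stands in for the listening socket, and the dry run is reduced to a bounds-checked walk of DHCPv6 options.

```c
#include <grp.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Dry run: walk DHCPv6 options (code16, len16, data); apply nothing. */
static int dryrun_dhcp6(const unsigned char *m, size_t len)
{
    if (len < 4) /* msg-type + transaction-id */
        return -1;
    for (size_t off = 4, olen = 0; off < len; off += 4 + olen) {
        if (len - off < 4)
            return -1; /* truncated option header */
        olen = ((size_t)m[off + 2] << 8) | m[off + 3];
        if (olen > len - off - 4)
            return -1; /* option overruns the message */
    }
    return 0;
}

/* Fork a worker, confine it, dry-run msg there; a message that passes comes
 * back verbatim. Returns its length or -1. jail == NULL: no confinement. */
static ssize_t privsep_check(const unsigned char *msg, size_t len,
    unsigned char *out, size_t outlen, const char *jail)
{
    int sv[2];
    unsigned char buf[1500];
    gid_t id = 65534; /* assumption: "nobody"-style uid/gid */
    ssize_t n = -1;
    pid_t pid;
    if (len > sizeof(buf) || socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv))
        return -1;
    if ((pid = fork()) == 0) {
        close(sv[0]);
        if (jail && (chroot(jail) || chdir("/") || setgroups(1, &id) ||
            setgid(id) || setuid(id)))
            _exit(1); /* never parse network input unconfined */
        n = recv(sv[1], buf, sizeof(buf), 0);
        if (n > 0 && dryrun_dhcp6(buf, (size_t)n) == 0)
            send(sv[1], buf, (size_t)n, MSG_NOSIGNAL);
        _exit(0);
    }
    close(sv[1]);
    if (pid > 0 && send(sv[0], msg, len, MSG_NOSIGNAL) == (ssize_t)len)
        n = recv(sv[0], out, outlen, 0);
    close(sv[0]);
    if (pid > 0)
        waitpid(pid, NULL, 0);
    return n > 0 ? n : -1;
}
```

Passing NULL for jail is only for running the example without root; with root, pass an empty, unwritable directory so the worker is chrooted before it touches the message.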