Date: Fri, 11 Oct 2019 17:45:20 +0000 From: Brooks Davis <brooks@freebsd.org> To: Ben Woods <woodsb02@gmail.com> Cc: Hiroki Sato <hrs@freebsd.org>, freebsd-net@freebsd.org, driesm.michiels@gmail.com, "roy@marples.name" <roy@marples.name> Subject: Re: DHCPv6 client in base Message-ID: <20191011174520.GC53377@spindle.one-eyed-alien.net> In-Reply-To: <CAOc73CD5dAn95mMuzxeNKoJGxdmZF-ChYFm49tLdKca00OSv8w@mail.gmail.com> References: <001e01d50b49$176104d0$46230e70$@gmail.com> <20190516.032012.517661495892269813.hrs@allbsd.org> <CAOc73CCLPmB7m3yaDE7p4izJ8apaO5jcyRPyLkSJtopqsHxtSQ@mail.gmail.com> <CAOc73CD5dAn95mMuzxeNKoJGxdmZF-ChYFm49tLdKca00OSv8w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--2JFBq9zoW8cOFH7v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 11, 2019 at 08:32:59AM +0800, Ben Woods wrote: > On Mon, 7 Oct 2019 at 8:53 am, Ben Woods <woodsb02@gmail.com> wrote: >=20 > > On Thu, 16 May 2019 at 2:25 am, Hiroki Sato <hrs@freebsd.org> wrote: > > > >> <driesm.michiels@gmail.com> wrote > >> in <001e01d50b49$176104d0$46230e70$@gmail.com>: > >> > >> dr> Has anyone ever thought or considered integrating an IPv6 DHCP cli= ent > >> in > >> dr> base? > >> > > > > I would like to discuss whether dhcpcd is a better option to import into > > FreeBSD base, rather than wide-dhcp6. > > >=20 > Hi everyone, >=20 > I have been working on importing dhcpcd into FreeBSD base over the last f= ew > days, and should be ready to share something on phabricator for review th= is > weekend. >=20 > In addition to the normal review cycle, given I am a ports committer (I > don???t have a src commit bit), I would need this to be endorsed and appr= oved > by a src committer. >=20 > I have heavily utilised the Makefile and rc scripts from DragonFly BSD. >=20 > I don???t intend to include any changes to the kernel for improved dhcpcd > functionality as a part of this review - these could be made subsequently > if dhcpcd is committed. For now it would just be the same functionality as > if you used the net/dhcpcd port. DHCP is one of the most exposed attack surfaces in existence. We expect it to take input from explicitly untrustworthy networks and perform actions as root. It might be OK to import this as a stopgap only supporting IPv6, but without capsicum or privilege separation (as noted elsewhere in the thread) it seems unlikely to be a good idea enable it by default or replace the existing IPv4 dhclient. -- Brooks --2JFBq9zoW8cOFH7v Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJdoL+wAAoJEKzQXbSebgfAe0MH/1T+LI6dcz4zIs5B5pW829IW BVfRspJ+Oertr4kflenyJCIzR+3mtd1nC+R3nCatiflMoE+I351XhtQhjjMloRMa xHdJkVmAR+IhZV33iEmO6Pqq7vZ6nWtUjJxw2S3fmJV5JSwdOI7c3vCuyZb+JNHA 9M+YbavfWylCKqmbO7AvjJ9CvA9tjxbh5URZMmYywiefibcTOXONMpKJFcyu3VLG BCjbVKBiyIM+nEdWYlB3xEvNtNJZMWcfuPc47RldggCeqvxl2lcadPZC2faYeUIh M/N7NIuWBycZLqcSM32pizdB5xTUJKZm5POp2lj5KVwLp0VEtLWw2V4hcStGIaM= =AX2B -----END PGP SIGNATURE----- --2JFBq9zoW8cOFH7v--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191011174520.GC53377>