Date:      Fri, 11 Oct 2019 17:45:20 +0000
From:      Brooks Davis <brooks@freebsd.org>
To:        Ben Woods <woodsb02@gmail.com>
Cc:        Hiroki Sato <hrs@freebsd.org>, freebsd-net@freebsd.org, driesm.michiels@gmail.com, "roy@marples.name" <roy@marples.name>
Subject:   Re: DHCPv6 client in base
Message-ID:  <20191011174520.GC53377@spindle.one-eyed-alien.net>
In-Reply-To: <CAOc73CD5dAn95mMuzxeNKoJGxdmZF-ChYFm49tLdKca00OSv8w@mail.gmail.com>
References:  <001e01d50b49$176104d0$46230e70$@gmail.com> <20190516.032012.517661495892269813.hrs@allbsd.org> <CAOc73CCLPmB7m3yaDE7p4izJ8apaO5jcyRPyLkSJtopqsHxtSQ@mail.gmail.com> <CAOc73CD5dAn95mMuzxeNKoJGxdmZF-ChYFm49tLdKca00OSv8w@mail.gmail.com>

On Fri, Oct 11, 2019 at 08:32:59AM +0800, Ben Woods wrote:
> On Mon, 7 Oct 2019 at 8:53 am, Ben Woods <woodsb02@gmail.com> wrote:
>
> > On Thu, 16 May 2019 at 2:25 am, Hiroki Sato <hrs@freebsd.org> wrote:
> >
> >> <driesm.michiels@gmail.com> wrote
> >>   in <001e01d50b49$176104d0$46230e70$@gmail.com>:
> >>
> >> dr> Has anyone ever thought or considered integrating an IPv6 DHCP client in
> >> dr> base?
> >>
> >
> > I would like to discuss whether dhcpcd is a better option to import into
> > FreeBSD base, rather than wide-dhcp6.
> >
>
> Hi everyone,
>
> I have been working on importing dhcpcd into FreeBSD base over the last few
> days, and should be ready to share something on phabricator for review this
> weekend.
>
> In addition to the normal review cycle, given I am a ports committer (I
> don't have a src commit bit), I would need this to be endorsed and approved
> by a src committer.
>
> I have heavily utilised the Makefile and rc scripts from DragonFly BSD.
>
> I don't intend to include any changes to the kernel for improved dhcpcd
> functionality as a part of this review - these could be made subsequently
> if dhcpcd is committed. For now it would just be the same functionality as
> if you used the net/dhcpcd port.

DHCP is one of the most exposed attack surfaces in existence.  We expect
it to take input from explicitly untrustworthy networks and perform
actions as root.  It might be OK to import this as a stopgap only
supporting IPv6, but without capsicum or privilege separation (as noted
elsewhere in the thread) it seems unlikely to be a good idea to enable it
by default or replace the existing IPv4 dhclient.

-- Brooks
