[Bug 810946] [NEW] dhclient should drop capabilities
Matthias Schmidt
810946 at bugs.launchpad.net
Fri Jul 15 09:11:46 UTC 2011
Public bug reported:
Disclaimer: This is not a real bug report. It is more a wish for a
future version.
The dhclient is running as root and thus needs special protection
(OpenBSD implemented privilege separation, but unfortunately there is no
patch for Linux available).
Fedora added a patch to drop the capabilities of the process right after
start:
http://pkgs.fedoraproject.org/gitweb/?p=dhcp.git;a=blob;f=dhcp-4.2.2-capability.patch;h=1f31e1776d94cb8721b66e338999c8664f4fc74a;hb=HEAD
This patch should be added to the dhclient in Ubuntu.
** Affects: isc-dhcp (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/810946
Title:
dhclient should drop capabilities
Status in “isc-dhcp” package in Ubuntu:
New
Bug description:
Disclaimer: This is not a real bug report. It is more a wish for a
future version.
The dhclient is running as root and thus needs special protection
(OpenBSD implemented privilege separation, but unfortunately there is
no patch for Linux available).
Fedora added a patch to drop the capabilities of the process right
after start:
http://pkgs.fedoraproject.org/gitweb/?p=dhcp.git;a=blob;f=dhcp-4.2.2-capability.patch;h=1f31e1776d94cb8721b66e338999c8664f4fc74a;hb=HEAD
This patch should be added to the dhclient in Ubuntu.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/810946/+subscriptions
More information about the foundations-bugs
mailing list