[Bug 810946] Re: dhclient should drop capabilities
Stéphane Graber
stgraber at stgraber.org
Tue Jun 26 19:16:23 UTC 2012
Based on Marc's review, I won't be including this patch.
The cost of maintaining that patch isn't justified by the close to non-
existent added security. Our apparmor profile does a good job at
restricting what dhclient can do in a much better way than this patch.
As pointed out by Marc, the binary has access to CAP_DAC_OVERRIDE and
CAP_SYS_ADMIN, basically allowing it to escalate back to full root by
just setting the SUID bit on an executable.
** Changed in: isc-dhcp (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/810946
Title:
dhclient should drop capabilities
Status in “isc-dhcp” package in Ubuntu:
Won't Fix
Bug description:
Disclaimer: This is not a real bug report. It is more a wish for a
future version.
The dhclient is running as root and thus needs special protection
(OpenBSD implemented privilege separation, but unfortunately there is
no patch for Linux available).
Fedora added a patch to drop the capabilities of the process right
after start:
http://pkgs.fedoraproject.org/gitweb/?p=dhcp.git;a=blob;f=dhcp-4.2.2-capability.patch;h=1f31e1776d94cb8721b66e338999c8664f4fc74a;hb=HEAD
This patch should be added to the dhclient in Ubuntu.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/810946/+subscriptions
More information about the foundations-bugs
mailing list