ubuntu-devel Digest, Vol 23, Issue 16

Dan Kegel dank at kegel.com
Wed Jul 5 06:59:51 BST 2006


On 7/4/06, Daniel Pittman <daniel at rimspace.net> wrote:
> > I wonder how practical it would be to get glibc to use tcp for
> > DNS requests...
>
> That would make you extremely unpopular in a wide range of ISP
> environments, as you just radically increased the load on their DNS
> servers.

Yeah, I guess it's not too practical.  While we're on the subject of
security and overhead, may as well mention dnssec, too.
(How the heck would the keys get distributed in the real world?)
Anyway, the no-open-port policy probably says "but DNS is ok",
or should.

> > There remains the dhcp open port.  I'm still curious why that needs to
> > be there while the client is in bound state.
>
> Because DHCP requires address renewal, which requires communication with
> the DHCP server.  The client, at least in sane cases, drops away from
> root (which can open raw sockets) to mitigate security risks.

Sounds like a perfect use for CAP_NET_BIND_SERVICE.
The client could keep the one capability it needs, but
drop the rest of root.  (I haven't looked at the code, but I
wouldn't be surprised if it's already in there...)
- Dan


