It is my understanding that dhcpcd client requires root or a
privileged user. Am presently running dhcpcd in a chroot jail (ssp and
grsecurity-hardened kernel) as user root (ugh). (This is a laptop used
at hotspots, so I think I need to use dhcp).
Other distributions distribute dhcpcd with a "paranoia" patch incorporated
<http://www.episec.com/people/edelkind/patches/dhcp/dhcp-2.0+paranoia.patch>
which allows the dropping of privilege and changing of user/group after startup.
Questions:
1 Does Gentoo have an "official" way to apply this patch.
2 Presuming that it doesn't, I guess that I'll ebuild unpack: patch
the source manually; ebuild merge !?
3. Are there other ways to deal with this potential vulnerability
(privileged process listening on an open port (68) )? (e.g. using
selfdhcp and effecting a manual connection?)
TIA, newbie
--
gentoo-security@gentoo.org mailing list
privileged user. Am presently running dhcpcd in a chroot jail (ssp and
grsecurity-hardened kernel) as user root (ugh). (This is a laptop used
at hotspots, so I think I need to use dhcp).
Other distributions distribute dhcpcd with a "paranoia" patch incorporated
<http://www.episec.com/people/edelkind/patches/dhcp/dhcp-2.0+paranoia.patch>
which allows the dropping of privilege and changing of user/group after startup.
Questions:
1 Does Gentoo have an "official" way to apply this patch.
2 Presuming that it doesn't, I guess that I'll ebuild unpack: patch
the source manually; ebuild merge !?
3. Are there other ways to deal with this potential vulnerability
(privileged process listening on an open port (68) )? (e.g. using
selfdhcp and effecting a manual connection?)
TIA, newbie
--
gentoo-security@gentoo.org mailing list