Package: dhcp3-client Severity: wishlist Tags: security patch Hi!
dhclient currently runs as root, which is much more than necessary. Similarly to the derooting of dhcpd (I filed a separate bug about this) I minimized the privileges of dhclient. Here is the patch (which requires that the server derooting patch is already applied): http://patches.ubuntu.com/patches/dhcp3.deroot-client.diff Please consider applying it in Debian. Please also don't hesitate to contact me if you have questions or suggestions how to improve it. Thanks, Martin -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.11.9 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages dhcp3-client depends on: ii debconf 1.4.30.13 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t pn dhcp3-common Not found. ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
signature.asc
Description: Digital signature
