Package: dhcp3-server Severity: wishlist Tags: security patch Hi!
dhcpd currently runs as root, which is much more than necessary. To confine the impact of security holes, I minimized the privileges of the server to a minimum: it runs as a normal user "dhcpd" now and only uses CAP_NET_RAW and CAP_NET_BIND_SERVICE capabilities for the initialization phase, and completely drops kernel capabilities when running. The patch is at http://patches.ubuntu.com/patches/dhcp3.deroot-server.diff I separated out the function for privilege dropping since it can be reused to deroot the server (I'll file that as a separate bug). Would you consider applying this in Debian? Thanks and have a nice day! Martin -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.11.9 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages dhcp3-server depends on: ii debconf 1.4.30.13 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t pn dhcp3-common Not found. ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
signature.asc
Description: Digital signature