Hi, I've been looking at Fedora's default --after installation-- attack surface in terms of servers running, and I see chrony, and NetworkManager running. NetworkManager runs as root, while chrony runs as a dedicated user. NetworkManager according to lsof listens at the bootpc and dhcpv6-client ports and is a pretty interesting setup.
The reason it is interesting is that when I upgrade chrony it restarts (due to %systemd_postun_with_restart), but I do not see something similar in NetworkManager. Meaning on a critical vulnerability that affects the DHCP client paths of networkmanager all fedora systems remain vulnerable even after installing the updated packages until they reboot. Is there a particular reason network-manager or at least its dhcp portion does not restart on upgade, or did I miss something while looking at it? Regards, Nikos _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
