On Thu, May 12, 2005 at 06:03:06PM +0200, Martin Pitt wrote:
> Package: dhcp3-server
> Severity: wishlist
> Tags: security patch
> 
> Hi!
> 
> dhcpd currently runs as root, which is much more than necessary. To
> confine the impact of security holes, I minimized the privileges of
> the server to a minimum: it runs as a normal user "dhcpd" now and only
> uses CAP_NET_RAW and CAP_NET_BIND_SERVICE capabilities for the
> initialization phase, and completely drops kernel capabilities when
> running.
> 
> The patch is at 
> 
>   http://patches.ubuntu.com/patches/dhcp3.deroot-server.diff
> 
> I separated out the function for privilege dropping since it can be
> reused to deroot the server (I'll file that as a separate bug).
> 
> Would you consider applying this in Debian?
> 
> Thanks and have a nice day!
> 

Hi Martin,

Very cool. I will attempt to feed this to upstream, and will look at
applying it to Debian. I'm planning on having a major fiddle with dhcp3
after Sarge releases.

regards

Andrew
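
The two-phase drop described in the report, sketched as an added example; this is not the code from dhcp3.deroot-server.diff, which is not reproduced on this page. It assumes Linux, uses the raw capset/capget syscalls instead of libcap, and all function names are hypothetical.

```c
/* Added illustration, not taken from the dhcp3 patch. Linux only. */
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* The two capabilities the report says are needed during initialization. */
uint32_t init_caps_mask(void)
{
    return (1u << CAP_NET_RAW) | (1u << CAP_NET_BIND_SERVICE);
}

/* Set the effective and permitted sets to `mask`, with nothing inheritable. */
static int set_caps(uint32_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { mask, mask, 0 }, { 0, 0, 0 } };
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Phase 1 (needs root): become uid/gid, keeping only the init capabilities. */
int drop_root_keep_init_caps(uid_t uid, gid_t gid)
{
    /* Without KEEPCAPS, setuid() to a non-root uid clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;           /* no supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (set_caps(init_caps_mask()) != 0) return -1;   /* re-raise effective set */
    return setuid(0) == 0 ? -1 : 0;                   /* root must be unreachable */
}

/* Phase 2: once the sockets are open, give up every capability for good. */
int drop_all_caps(void)
{
    return set_caps(0);
}

/* Effective capability bits 0-31 of the calling process, for verification. */
uint32_t effective_caps(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0) return UINT32_MAX;
    return data[0].effective;
}
```

Phase 1 has to run as root before the raw and privileged-port sockets are opened; phase 2 succeeds at any privilege level, because a process may always shrink its own capability sets.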

