[Bug 810946] Re: dhclient should drop capabilities

2012-06-26 Thread Stéphane Graber
Based on Marc's review, I won't be including this patch. The cost of maintaining that patch isn't justified by the close to non-existent added security. Our apparmor profile does a good job at restricting what dhclient can do in a much better way than this patch. As pointed out by Marc, the bina

[Bug 810946] Re: dhclient should drop capabilities

2012-06-26 Thread Marc Deslauriers
Our AppArmor profile for dhclient is a lot better than doing this: + capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, + CAP_DAC_OVERRIDE); // Drop this someday + capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, +
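Review bot: the `CAP_DAC_OVERRIDE` line keeps that capability in both the effective and permitted sets, and the only justification is the comment "Drop this someday". `CAP_DAC_OVERRIDE` bypasses file read, write and execute permission checks, so while it is retained the process can still reach any file that the AppArmor profile does not block. The comment should name the file access that requires it, so the capability can be removed once that access is fixed.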

[Bug 810946] Re: dhclient should drop capabilities

2012-06-26 Thread Stéphane Graber
Subscribing the security team for review and opinions on: - the idea - patch quality - interactions with our apparmor -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/810946 Title: dhclient should d

[Bug 810946] Re: dhclient should drop capabilities

2011-07-15 Thread Steve Beattie
** Changed in: isc-dhcp (Ubuntu) Status: New => Confirmed ** Changed in: isc-dhcp (Ubuntu) Importance: Undecided => Wishlist