Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20130813230854.27d82c9d@redhat.com>
Date: Tue, 13 Aug 2013 23:08:54 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: helmut@...divi.de
Subject: Re: ISC DHCP client and unsolicited DHCP options

On Sun, 28 Jul 2013 15:30:27 +0200 Helmut Grohne wrote:

> At least on Debian, the default configuration requests the host-name
> option. The dhclient-script then evaluates this option and thereby
> enables a DHCP server to change the hostname if the current hostname
> is "(none)", "localhost" or a previously sent hostname. Changing the
> hostname can have undesired consequences such as breaking a running
> X11 session (can be considered remote denial of service).
> 
> That is why a number of people (including me) remove host-name from
> the requested options. Now given the new findings, a DHCP server can
> still change the hostname of a connecting client by first sending an
> unsolicited host-name option with the current hostname and then
> changing the hostname in a RENEW. Guessing the current hostname
> should be easy in the presence of avahi or similar services.

The dhclient-script in dhcp packages in recent Fedora and Red Hat
Enterprise Linux versions allow administrator to define hook scripts
which are sourced by the dhclient-script.  Those hooks can unset
environment variables set by dhclient before they are processed by the
dhclient-script.  Not sure if other distros may want to add similar
mechanism:

http://pkgs.fedoraproject.org/cgit/dhcp.git/plain/dhclient-script

But as mentioned before, NetworkManager does its own processing and
does not use the standard dhclient-script.

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.