Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20130924083350.GA14354@gremlin.ru>
Date: Tue, 24 Sep 2013 12:33:50 +0400
From: gremlin@...mlin.ru
To: owl-users@...ts.openwall.com
Subject: Re: Owl 3.0 and Virtual Machine Setup?

On 23-Sep-2013 12:45:40 -0400, Jeffrey Walton wrote:

 >>> You might be surprised and disappointed, but we do not
 >>> officially provide a DHCP client in Owl. (We do provide a
 >>> DHCP server, though.) This is something we've been meaning to
 >>> change (for use cases such as yours), by introducing a properly
 >>> privilege-separated DHCP client, but haven't gotten around to
 >>> doing yet.

^^^^^^^^^^^^^^^^^^^^^^^^^

 >> I still think installing /usr/bin/dhclient 0700 root:root for
 >> manual on-demand running (`dhclient -1 eth0`) will not impose
 >> any real risk - people who care of security normally know where
 >> and how they are connected and whether they are willing to use
 >> such connection.

 > I don't think an Owl DHCP client makes the situation any worse
 > for me.  I already have a DHCP server in place, which means I
 > accepted the risk in exchange for ease of administration.

/me too :-)

ftp://gremlin.people.openwall.com/pub/linux/Owl/RPMS.x86_64/dhcp-*.rpm

Sizes and SHA1 hashes are:

dhcp-3.0.7-owl2.x86_64.rpm		232768	303ed0c26079bd82422d3d0c16b4fb399b4a10c3
dhcp-client-3.0.7-owl2.x86_64.rpm	208556	9272e8409dcd77045dda54452e7404be81a68f77
dhcp-relay-3.0.7-owl2.x86_64.rpm	87093	69d486816b70781534a0f6349a2da6a9f5bf4123
dhcp-server-3.0.7-owl2.x86_64.rpm	307430	17595dc50ef506ab8203f822ea0e019225901722

 > Are there any other security related issues specific to the client
 > at the network layer? Or, are the problems/concern centered around
 > a privileged separated client on the Owl machine?

Yes, and Solar clearly stated that - see above (underlined by me).


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.