I thought we were already using it, as dhcpcd runs like this on my system:
2353 ? S 0:10 dhcpcd: red0 [ip4]
2354 ? S 0:00 _ dhcpcd: [privileged proxy] red0 [ip4]
2392 ? S 0:00 | _ dhcpcd: [BPF ARP] red0 100.64.27.48
3276 ? S 0:00 | _ dhcpcd: [network proxy] 100.64.27.48
2355 ? S 0:00 _ dhcpcd: [control proxy] red0 [ip4]
I thought this is because it has forked different processes with different privileges that cannot be exploited as easily.
-Michael
On 2 Jun 2023, at 11:33, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
On 02/06/2023 11:01, Michael Tremer wrote:
Hello Adolf,
Why do we need to disable the privilege separation feature here?
It doesn't, but I suspected that some changes would be needed to the config file to actually use it, and as I don't know what would need to be changed, if I built it with privilege separation then it might not work anymore.
If it is relatively easy to set privilege separation up and someone can tell me what changes I need to make in the config file and/or elsewhere then I can do a v2 version of the patch, also testing it out to confirm it works.
Regards, Adolf.
-Michael
On 19 May 2023, at 12:47, Adolf Belka adolf.belka@ipfire.org wrote:
- Update from version 9.4.1 to 10.0.1
- Update of rootfile not required
- Tested on vm testbed and confirmed that dhcpcd worked as expected. Connection on red successfully made.
- Changelog is no longer provided. For details of changes you have to look at the commits log - https://github.com/NetworkConfiguration/dhcpcd/commits
Tested-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
lfs/dhcpcd | 11 ++++++----- ...0.1-Allow-free-selection-of-MTU-by-the-user.patch} | 0 2 files changed, 6 insertions(+), 5 deletions(-) rename src/patches/{dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch => dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch} (100%)
diff --git a/lfs/dhcpcd b/lfs/dhcpcd index 2373198da..ae1b75053 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 9.4.1 +VER = 10.0.1
THISAPP = dhcpcd-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 847c7451918ac89fe384e180ec52ee4624c0f2dc73354ecb4c63b02d8d9cf0a6d164b33e5d083a05d4868079dcf6208a820b4263c80337a12be40a27517ecf87 +$(DL_FILE)_BLAKE2 = f1e93285d040b98bede86bb2e87e372afc0d1d124e7a6580c23d8d228a34ee17001fc3c2d9091b16fb082fe2f2ad7ba50c0dd7b0db2b2237ab1cff9ca152100a
install : $(TARGET)
@@ -70,13 +70,14 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
cd $(DIR_APP) && ./configure \ --prefix="" \ --sysconfdir=/var/ipfire/dhcpc \ --dbdir=/var/ipfire/dhcpc \ --libexecdir=/var/ipfire/dhcpc \
- --mandir=/usr/share/man
- --mandir=/usr/share/man \
- --disable-privsep
cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch similarity index 100% rename from src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch rename to src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch -- 2.40.1
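Review bot: The `--disable-privsep` added to the ./configure call in the `@@ -70,13 +70,14 @@` hunk of lfs/dhcpcd is not mentioned or justified in the commit message, which lists only the version bump, the rootfile, the test on red and the changelog location. The process listing posted in this thread shows the currently running dhcpcd already split into [privileged proxy], [network proxy], [BPF ARP] and [control proxy] processes, so this flag would remove a separation that is in use today rather than skip a feature that was never enabled. Suggest dropping `--disable-privsep` (and the trailing backslash after `--mandir=/usr/share/man`) for a v2, re-running the connection test on red with the 10.0.1 build, and confirming that the same proxy processes appear. If the flag does turn out to be required, the commit message should state the reason.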
-- Sent from my laptop