Ubuntu
udhcp package

Main inclusion request for udhcpc

Bug #383177 reported by Stéphane Graber
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
udhcp (Ubuntu)
Fix Released
Undecided
Kees Cook

Bug Description

I'd like the udhcp client to be promoted to main for use in LTSP.
Details on the following wiki page: https://wiki.ubuntu.com/MainInclusionReportUdhcp

Tags: iso-testing
Stéphane Graber (stgraber)
Changed in udhcp (Ubuntu):
assignee: nobody → Alexander Sack (asac)
Revision history for this message
Alexander Sack (asac) wrote :

in general i would be ok with this, but i think we need at least a brief security review as its running as root and processes data from the net. However, the code base is small enough, so this might not take so long.

Changed in udhcp (Ubuntu):
assignee: Alexander Sack (asac) → Ubuntu Security Team (ubuntu-security)
status: New → In Progress
Martin Pitt (pitti)
Changed in udhcp (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Kees Cook (kees)
status: In Progress → Confirmed
Revision history for this message
Kees Cook (kees) wrote :

I would like to see 2 things before this gets approved:
 - an AppArmor profile that matches the functionality of the exist dhcp-client profile to confine this root process (see https://help.ubuntu.com/community/AppArmor#Creating%20a%20new%20profile ).
 - verifying that MTU is not set lower than 576, as we've had to fix with both network-manager and dhcp-client (see bug 352779).

Changed in udhcp (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Stéphane Graber (stgraber) wrote : Re: [Bug 383177] Re: Main inclusion request for udhcpc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kees Cook wrote:
> I would like to see 2 things before this gets approved:
> - an AppArmor profile that matches the functionality of the exist dhcp-client profile to confine this root process (see https://help.ubuntu.com/community/AppArmor#Creating%20a%20new%20profile ).
> - verifying that MTU is not set lower than 576, as we've had to fix with both network-manager and dhcp-client (see bug 352779).

Thanks for the review.
For the apparmor profile, udhcpc will be used in the initramfs where we
don't have apparmor loaded yet, also udhcpc is calling scripts written
by the user and so we can't assume any fix location for these.

For the MTU, udhcpc is only exporting the values from the dhcp server as
environment variable leaving the job of configuring the interface to the
scripts. None of the example scripts are setting the MTU so it's not an
issue.

Stéphane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpbqtYACgkQjxyfqkjBhuwQxgCeInGRRF4la7Qouv+ZMV9X7zep
8RsAnAlpq0yUdG+tRC8NXX9edS7tWM27
=fHxQ
-----END PGP SIGNATURE-----

Revision history for this message
Kees Cook (kees) wrote :

Approved.

Changed in udhcp (Ubuntu):
status: Incomplete → In Progress
Alexander Sack (asac)
Changed in udhcp (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Promoted

Changed in udhcp (Ubuntu):
status: Fix Committed → Fix Released
Ubuntu QA Website (ubuntuqa)
tags: added: iso-testing
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.