DHCPv6 client in base
Roy Marples
roy at marples.name
Sat Nov 30 03:24:01 UTC 2019
Hey Ben
On 30/11/2019 02:52, Ben Woods wrote:
> I have just added the new port net/dhcpcd-devel which uses the latest
> commit (273915d), and enables privilege separation.
>
> So far it seems to be working ok for me!
Good!
I've had a fair bit of feedback from the initial commit and the latest
(which you've imported) has everything fixed thus far.
> Couple of comments / questions:
> 1. I have setup the low privileged user to be the existing FreeBSD user
> "_dhcp" [1]. Using a global CFLAG for this seems a bit clunky - it might
> be nicer if this could either be a configure option or a runtime option.
pkgsrc and NetBSD Makefiles seem to define the user via CFLAGS.
I don't see any standard configure option for this, which is why it's
currently how it is.
If dhcpcd is imported, then configure generally isn't run, so CFLAGS
makes sense to me.
> 2. I have configured both /var/db/dhcpcd/ and /var/run/dhcpcd/ to have
> owner:group as _dhcp:_dhcp (the low privilege processes will have both
> read and write access to these folders). Is that correct? I note that
> the commit message referenced below [2] states read access is required
> to /var/db/dhcpcd/, but the text added to README.md states write access
> is required.
The README.md is correct, the commit comment is wrong.
The unprivileged user needs to write to the db directory - for example,
new lease files.
> 3. Can you please confirm the output below [3] looks right / matches
> your privilege separation design?
>
> [1]
> https://svnweb.freebsd.org/ports/head/net/dhcpcd-devel/Makefile?revision=518697&view=markup#l26
> [2]
> https://roy.marples.name/cgit/dhcpcd.git/commit/?id=0e5bfa4eb22f7b6412d23b9548bf157f9fea88c2
> [3] privilege separation output:
>
> # ps auxwwd | grep dhcpcd
> _dhcp 7652 0.0 0.0 12232 3012 - S 10:25 0:00.00
> |-- dhcpcd: [master] [ip4] [ip6] (dhcpcd)
> root 7878 0.0 0.0 11724 2852 - S 10:25 0:00.00
> | |-- dhcpcd: [privileged actioneer] (dhcpcd)
> _dhcp 10455 0.0 0.0 11724 2852 - S 10:25 0:00.00
> | | `-- dhcpcd: [BPF ARP] wlan0 (dhcpcd)
> _dhcp 7903 0.0 0.0 11696 2844 - S 10:25 0:00.00
> | `-- dhcpcd: [network proxy] (dhcpcd)
Only the privileged actioneer process runs as the privileged user, so
yes it does match the design. The other processes are chrooted to the
unprivileged user's home directory.
Here's a list of the operations the privileged actioneer performs:
* write to ioctl(2)
* write to route(4)
* posix_spawn(3) the dhcpcd-run-hooks script
* open BPF {BOOTP,ARP} on demand
* bind to an address:{BOOTPC,dhcpv6-client} port on demand
The latter two operations spawn a process per protocol/address and drop
privs as soon as the socket is bound.
The last operation is needed when dhcpcd is not running in master mode.
Hopefully this helps SomeOne (TM) write FreeBSD capsicum support.
>
> # ls -lah /var/db/dhcpcd/
> drwxr-xr-x 2 _dhcp _dhcp 3B Nov 30 10:28 .
> drwxr-xr-x 19 root wheel 34B Nov 30 10:28 ..
> -rw-r--r-- 1 _dhcp _dhcp 300B Nov 30 10:28 wlan0-mySSIDname.lease
>
> # ls -lah /var/run/dhcpcd/
> drwxr-xr-x 3 _dhcp _dhcp 6B Nov 30 10:28 .
> drwxr-xr-x 20 root wheel 48B Nov 30 10:28 ..
> drwxr-xr-x 3 root _dhcp 3B Nov 30 10:28 hook-state
> -rw-r--r-- 1 _dhcp _dhcp 6B Nov 30 10:28 pid
> srw-rw---- 1 _dhcp _dhcp 0B Nov 30 10:28 sock
> srw-rw-rw- 1 _dhcp _dhcp 0B Nov 30 10:28 unpriv.sock
>
> # ls -lah /var/run/dhcpcd/hook-state/
> drwxr-xr-x 3 root _dhcp 3B Nov 30 10:28 .
> drwxr-xr-x 3 _dhcp _dhcp 6B Nov 30 10:28 ..
> drwxr-xr-x 2 root _dhcp 2B Nov 30 10:28 ntp.conf
>
> # ls -lah /var/run/dhcpcd/hook-state/ntp.conf/
> drwxr-xr-x 2 root _dhcp 2B Nov 30 10:28 .
> drwxr-xr-x 3 root _dhcp 3B Nov 30 10:28 ..
All looks fine.
Roy
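The "bind to the port, then drop privs as soon as the socket is bound" sequence Roy describes for the per-protocol helper processes, written out as an added example. This is illustrative code, not dhcpcd's own implementation and not from either poster: the `_dhcp` account name, the chroot into that user's home directory and the BOOTPC port number are taken from the thread; the function names, the UDP bind on a plain socket (rather than BPF) and the fallback to the caller's own uid/gid when not started as root are assumptions made for the example. The point it shows is that the bound descriptor stays usable after the drop, and that the drop is checked to be irreversible.

```c
#define _DEFAULT_SOURCE 1
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a UDP socket and bind it to addr:port (port 0 = any free port)
 * while the caller still holds its privileges. Returns the fd or -1. */
int bind_udp_port(const char *addr, uint16_t port)
{
	struct sockaddr_in sin;
	int fd = socket(AF_INET, SOCK_DGRAM, 0);

	if (fd == -1)
		return -1;
	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_port = htons(port);
	if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
	    bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
		int saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	return fd;
}

/* Port the socket is bound to (host byte order), or -1. */
int bound_port(int fd)
{
	struct sockaddr_in sin;
	socklen_t len = sizeof(sin);

	if (getsockname(fd, (struct sockaddr *)&sin, &len) == -1)
		return -1;
	return (int)ntohs(sin.sin_port);
}

/* Irreversibly drop to uid/gid. Order matters: chroot(2) needs root, so
 * it goes first; supplementary groups and the gid are set before the uid
 * because they also need root; setuid(2) comes last. chroot_dir may be
 * NULL to skip the chroot. Returns 0, or -1 with errno set. */
int drop_privileges(const char *chroot_dir, uid_t uid, gid_t gid)
{
	if (chroot_dir != NULL &&
	    (chroot(chroot_dir) == -1 || chdir("/") == -1))
		return -1;
	/* Only root can change supplementary groups; an unprivileged caller
	 * keeps whatever it already has. */
	if (geteuid() == 0 && setgroups(1, &gid) == -1)
		return -1;
	if (setgid(gid) == -1)
		return -1;
	if (setuid(uid) == -1)
		return -1;
	return 0;
}

/* Verify the drop: real and effective ids match the target and, if the
 * target is not root, regaining root fails. Returns 1 when dropped. */
int privileges_dropped(uid_t uid, gid_t gid)
{
	if (getuid() != uid || geteuid() != uid)
		return 0;
	if (getgid() != gid || getegid() != gid)
		return 0;
	if (uid != 0 && setuid(0) == 0)
		return 0;	/* became root again: the drop was not permanent */
	return 1;
}

/* Bind first, drop second; the bound fd survives the drop. Returns fd or -1. */
int bind_then_drop(const char *addr, uint16_t port, const char *chroot_dir,
    uid_t uid, gid_t gid)
{
	int fd = bind_udp_port(addr, port);

	if (fd == -1)
		return -1;
	if (drop_privileges(chroot_dir, uid, gid) == -1) {
		int saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	return fd;
}

int main(void)
{
	uid_t uid = getuid();
	gid_t gid = getgid();
	const char *dir = NULL;	/* assumption: no chroot unless root */
	uint16_t port = 0;
	int fd;

	/* Started as root: use the _dhcp account and BOOTPC port named in
	 * the thread (the account must exist on this host). */
	if (uid == 0) {
		struct passwd *pw = getpwnam("_dhcp");
		if (pw == NULL) {
			fprintf(stderr, "no _dhcp user\n");
			return 1;
		}
		uid = pw->pw_uid;
		gid = pw->pw_gid;
		dir = pw->pw_dir;
		port = 68;
	}
	fd = bind_then_drop("0.0.0.0", port, dir, uid, gid);
	if (fd == -1) {
		perror("bind_then_drop");
		return 1;
	}
	printf("bound to port %d, dropped=%d\n", bound_port(fd),
	    privileges_dropped(uid, gid));
	close(fd);
	return 0;
}
```

Run unprivileged it binds an ephemeral port and "drops" to the ids it already has, which still exercises the ordering and the setuid(0) check; run as root on a host with the `_dhcp` account it binds port 68 and chroots into that user's home directory before dropping, which is the shape Roy describes.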