On Fri, Oct 11, 2019 at 08:32:59AM +0800, Ben Woods wrote: > On Mon, 7 Oct 2019 at 8:53 am, Ben Woods <woods...@gmail.com> wrote: > > > On Thu, 16 May 2019 at 2:25 am, Hiroki Sato <h...@freebsd.org> wrote: > > > >> <driesm.michi...@gmail.com> wrote > >> in <001e01d50b49$176104d0$46230e70$@gmail.com>: > >> > >> dr> Has anyone ever thought or considered integrating an IPv6 DHCP client > >> in > >> dr> base? > >> > > > > I would like to discuss whether dhcpcd is a better option to import into > > FreeBSD base, rather than wide-dhcp6. > > > > Hi everyone, > > I have been working on importing dhcpcd into FreeBSD base over the last few > days, and should be ready to share something on phabricator for review this > weekend. > > In addition to the normal review cycle, given I am a ports committer (I > don???t have a src commit bit), I would need this to be endorsed and approved > by a src committer. > > I have heavily utilised the Makefile and rc scripts from DragonFly BSD. > > I don???t intend to include any changes to the kernel for improved dhcpcd > functionality as a part of this review - these could be made subsequently > if dhcpcd is committed. For now it would just be the same functionality as > if you used the net/dhcpcd port.
DHCP is one of the most exposed attack surfaces in existence. We expect it to take input from explicitly untrustworthy networks and perform actions as root. It might be OK to import this as a stopgap only supporting IPv6, but without capsicum or privilege separation (as noted elsewhere in the thread) it seems unlikely to be a good idea enable it by default or replace the existing IPv4 dhclient. -- Brooks
signature.asc
Description: PGP signature
