Ubuntu
dhcp3 package

dhclient silently ignores unreadable config-file

Bug #537851 reported by Mike C. Fletcher on 2010-03-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	dhcp3 (Ubuntu)	Confirmed	Low	Unassigned

Bug Description

When running dhclient against a config-file that happens not to be whitelisted by app-armour, dhclient will silently ignore the failure and continue with the default config-file in /etc/dhcp3/dhclient.conf rather than error out. dhclient should (at least) report an error/warning on stdout, and should likely exit with a non-zero error code when an explicitly-passed config-file is not readable. That is, if the user has *explicitly* specified a config on the command-line, no config other than that config should be used.

To reproduce/test, create a dhclient.conf file anywhere that isn't readable/writable by the app-armour profile (such as ~/) with a non-standard option specified (one that is not in your /etc/dhcp3/dhclient.conf):

send vendor-class-identifier "myvendorname";

and attempt to run:

$ sudo dhclient -cf ~/dhclient.conf -lf /var/lib/dhcp3/test.leases eth0

while running wireshark for eth0. dhclient will silently ignore the failure to load ~/dhclient.conf and will instead use /etc/dhcp3/dhclient.conf (you can see this in your wireshark dump, as vendor-class-identifier will not be sent). Move the same file to /etc/dhcp3/dhclient-test.conf and run again and you should see the option being sent.

Description: Ubuntu 9.10
Release: 9.10

Package: dhcp3-client
State: installed
Automatically installed: no
Version: 3.1.2-1ubuntu7.1

Revision history for this message

Chuck Short (zulcss) wrote on 2010-03-15:

Can you run a strace with the command and please attach the output?

Thanks
chuck

Changed in dhcp3 (Ubuntu):
importance:	Undecided → Low
status:	New → Incomplete

Revision history for this message

Chuck Short (zulcss) wrote on 2010-08-26:

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in dhcp3 (Ubuntu):
status:	Incomplete → Invalid

Jean-Pierre van Riel (jpvr) on 2011-11-07

Changed in dhcp3 (Ubuntu):
status:	Invalid → Confirmed

Revision history for this message

Jean-Pierre van Riel (jpvr) wrote on 2011-11-07:

strace log of file IO for dhclient Edit (4.7 KiB, text/plain)

I can confirm this issue. I have reproduced the problem and used strace. I've also found the app-armour log entry. The app-armour disallowing the -cf <new location> is presumably intentional. The bug is that dhclient3 does not warn the user or log an error when it's unable to open the file parsed to -cf.

In trace-cust-dhcpclient.log:

open("/home/<user>/Scripts/reroute/dhclient-cust-sbsa.conf", O_RDONLY) = -1 EACCES (Permission denied)

In kern.log

Nov 7 17:09:18 <hostname> kernel: [20777.329386] type=1400 audit(1320678558.977:25): apparmor="DENIED" operation="open" parent=8316 profile="/sbin/dhclient3" name="/home/<user>/Scripts/reroute/dhclient-cust-sbsa.conf" pid=8317 comm="dhclient" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000

The trace was produced as follows: sudo strace -e trace=file dhclient -e IF_METRIC=0 -cf /home/enigma/Scripts/reroute/dhclient-cust-sbsa.conf usb0 &> trace-cust-dhcpclient.log