Main inclusion request for udhcpc

Bug #383177 reported by Stéphane Graber on 2009-06-03
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
udhcp (Ubuntu)
Undecided
Kees Cook

Bug Description

I'd like the udhcp client to be promoted to main for use in LTSP.
Details on the following wiki page: https://wiki.ubuntu.com/MainInclusionReportUdhcp

Changed in udhcp (Ubuntu):
assignee: nobody → Alexander Sack (asac)
Alexander Sack (asac) wrote :

in general i would be ok with this, but i think we need at least a brief security review as its running as root and processes data from the net. However, the code base is small enough, so this might not take so long.

Changed in udhcp (Ubuntu):
assignee: Alexander Sack (asac) → Ubuntu Security Team (ubuntu-security)
status: New → In Progress
Martin Pitt (pitti) on 2009-07-07
Changed in udhcp (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Kees Cook (kees)
status: In Progress → Confirmed
Kees Cook (kees) wrote :

I would like to see 2 things before this gets approved:
 - an AppArmor profile that matches the functionality of the exist dhcp-client profile to confine this root process (see https://help.ubuntu.com/community/AppArmor#Creating%20a%20new%20profile ).
 - verifying that MTU is not set lower than 576, as we've had to fix with both network-manager and dhcp-client (see bug 352779).

Changed in udhcp (Ubuntu):
status: Confirmed → Incomplete

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kees Cook wrote:
> I would like to see 2 things before this gets approved:
> - an AppArmor profile that matches the functionality of the exist dhcp-client profile to confine this root process (see https://help.ubuntu.com/community/AppArmor#Creating%20a%20new%20profile ).
> - verifying that MTU is not set lower than 576, as we've had to fix with both network-manager and dhcp-client (see bug 352779).

Thanks for the review.
For the apparmor profile, udhcpc will be used in the initramfs where we
don't have apparmor loaded yet, also udhcpc is calling scripts written
by the user and so we can't assume any fix location for these.

For the MTU, udhcpc is only exporting the values from the dhcp server as
environment variable leaving the job of configuring the interface to the
scripts. None of the example scripts are setting the MTU so it's not an
issue.

Stéphane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpbqtYACgkQjxyfqkjBhuwQxgCeInGRRF4la7Qouv+ZMV9X7zep
8RsAnAlpq0yUdG+tRC8NXX9edS7tWM27
=fHxQ
-----END PGP SIGNATURE-----

Kees Cook (kees) wrote :

Approved.

Changed in udhcp (Ubuntu):
status: Incomplete → In Progress
Alexander Sack (asac) on 2009-07-14
Changed in udhcp (Ubuntu):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Promoted

Changed in udhcp (Ubuntu):
status: Fix Committed → Fix Released
tags: added: iso-testing
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers