| #
46ebbf29 |
| 29-Aug-2022 |
deraadt <deraadt@openbsd.org> |
Dynamically link these /sbin daemons: dhcpleased, mountd, nfsd, pflogd,
resolvd, slaacd, unwind.
The mitigation story is way better: syscalls are in a randomly located
libc, and every syscall stub is
Dynamically link these /sbin daemons: dhcpleased, mountd, nfsd, pflogd,
resolvd, slaacd, unwind.
The mitigation story is way better: syscalls are in a randomly located
libc, and every syscall stub is randomly located inside that due to
random relinking. As opposed to fixed offset inside a release binary.
There is one known consequence: /usr nfs mounting must use statically
configured IP addresses.
ok kettenis florian, others
show more ...
|
| #
a41cc082 |
| 26-Jul-2021 |
florian <florian@openbsd.org> |
Implement possibility to send vendor class identifier (option 60) and
client identifier (option 61). Some dhcp servers expect these options
and refuse to hand out a lease without them.
Need for vendo
Implement possibility to send vendor class identifier (option 60) and
client identifier (option 61). Some dhcp servers expect these options
and refuse to hand out a lease without them.
Need for vendor class identifier pointed out & tested by bket
Need for client identifier pointed out by sthen
Input & reads OK sthen (as part of a larger diff)
OK kn (as part of a larger diff)
show more ...
|
| #
57419a7f |
| 26-Feb-2021 |
florian <florian@openbsd.org> |
Import dhcpleased(8) - a dhcp daemon to acquire IPv4 address leases
from servers.
dhcpleased(8) follows the well known three process design of all our
privsep daemons. It uses pledge(2) and unveil(2
Import dhcpleased(8) - a dhcp daemon to acquire IPv4 address leases
from servers.
dhcpleased(8) follows the well known three process design of all our
privsep daemons. It uses pledge(2) and unveil(2) to restrict access
further. In particular the "engine" process, responsible for parsing
of untrusted data, is pledge'd "stdio". It cannot access the outside
world nor the filesystem at all.
Like slaacd(8) for IPv6 it will be always running and acquire addresses
for all interface with the autoconf4 flag set.
The flag can be set by "ifconfig $if inet autoconf" or by adding
"inet autoconf" to /etc/hostname.if. An existing "dhcp" line should
be removed.
Various iterations tested by deraadt@
The hardest part, finding a name, was handled by jmatthew@ & otto@
"get to it :)" deraadt@
show more ...
|