[Pkg-utopia-maintainers] Bug#717158: [Secure-testing-team] Bug#717158: network-manager: ignores settings from dhclient.conf and requests insecure properties

Florian Weimer fw at deneb.enyo.de
Wed Jul 17 19:15:22 UTC 2013


* Christoph Anton Mitterer:

> NM aparently thinks it's smarter and ignores any settings from
> dhclient.conf.  This leads to security problems, if one
> e.g. intentionally told dhcp to ignore properties like the
> dns-search path, which may be used by a hostile dhcp server to trick
> you into wrong domains.

dhclient.conf only controls which options are requested from the
server, the client will process unsolicited options anyway.
Therefore, changing dhclient.conf adds zero additional security.

Upstream provided means to fix this in ISCP DHCP 4.2.5, but it
requires adjustments to our DHCP response handling script.



More information about the Pkg-utopia-maintainers mailing list