dhcpcd icon indicating copy to clipboard operation
dhcpcd copied to clipboard
verified publisher icon NetworkConfiguration

Security: Running dhcpcd as non root ?

Open ebanDev opened this issue 3 years ago • 7 comments

Hello, I'd wondering, is it possible to run dhcpcd as a non-root user by setting the right caps ? This could be interesting in a security perspective... Thanks :)

ebanDev avatar Feb 10 '22 15:02 ebanDev

dhcpcd-9 already supports sandbox techniques for FreeBSD (capsicum), OpenBSD (pledge) and Linux (seccomp).

This means that the root owned process doesn't directly handle any input from anything other than non root owned dhcpcd processes. It also does the bare minimum - ie just carry out a pre-defined action from one of the non root processes.

You're welcome to try and patch the root process not to run as root though if you can set the right caps for it :)

https://github.com/NetworkConfiguration/dhcpcd/blob/master/src/privsep-root.c https://github.com/NetworkConfiguration/dhcpcd/blob/master/src/privsep-linux.c

rsmarples avatar Feb 10 '22 15:02 rsmarples

Thanks for your answer :D I don't code in C, so I'll not be able to patch anything unfortunately 😅

ebanDev avatar Feb 10 '22 16:02 ebanDev