GNU bug report logs - #68619
dhcp-client-service-type uses end-of-life dhclient

Previous Next

Package: guix;

Reported by: Sören Tempel <soeren <at> soeren-tempel.net>

Date: Sat, 20 Jan 2024 18:46:02 UTC

Severity: normal

To reply to this bug, email your comments to 68619 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#68619; Package guix. (Sat, 20 Jan 2024 18:46:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Sören Tempel <soeren <at> soeren-tempel.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sat, 20 Jan 2024 18:46:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Sören Tempel <soeren <at> soeren-tempel.net>
To: bug-guix <at> gnu.org
Subject: dhcp-client-service-type uses end-of-life dhclient
Date: Sat, 20 Jan 2024 19:44:44 +0100

Hello,

I recently installed the Guix operating system and selected DHCP-based
network configuration in the installer. Today I noticed that the DHCP
client installed by default seems to be dhclient from ISC-DHCP. This is
problematic as this DHCP implementation has reached its end-of-life in
2022 [1]. This is also mentioned in the Guix package description.

The dhcp-client-service-type has a package configuration option, in
theory, allowing usage with other DHCP clients. Unfortunately, it seems
to require that the package provides /sbin/dhclient and I am not aware
of any package that has this executable. In general, it seems there
is no other DHCP client package available in Guix.

Therefore, I believe the course of action here would be to: (a) package
a different DHCP client (dhcpcd [2] may be a good candidate) and (b)
make sure that dhcp-client-service-type is compatible with this client
and uses it by default.

I would argue that this is an important issue, as a DHCP client
processes untrusted input from the local network and is thus subject to
potential security vulnerabilities.

Greetings,
Sören

[1]: https://www.isc.org/blogs/isc-dhcp-eol/
[2]: https://roy.marples.name/projects/dhcpcd
Information forwarded to bug-guix <at> gnu.org:
bug#68619; Package guix. (Sat, 27 Jan 2024 12:21:01 GMT) Full text and rfc822 format available.

Message #8 received at 68619 <at> debbugs.gnu.org (full text, mbox):

From: Sören Tempel <soeren <at> soeren-tempel.net>
To: 68619 <at> debbugs.gnu.org
Subject: Re: dhcp-client-service-type uses end-of-life dhclient
Date: Sat, 27 Jan 2024 13:20:00 +0100

> I believe the course of action here would be to: (a) package a
> different DHCP client (dhcpcd [2] may be a good candidate) and (b)
> make sure that dhcp-client-service-type is compatible with this client
> and uses it by default.

I started working on this, see <https://issues.guix.gnu.org/68675>.

Greetings
Sören
This bug report was last modified 1 year and 138 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.