[pkg-dhcp-devel] package isc-dhcp-server (4.1.0-1) feature requests

Andrew Pollock apollock at debian.org
Wed Oct 14 14:52:56 UTC 2009


On Wed, Oct 14, 2009 at 10:20:10AM +0200, Harald Jenny wrote:
> On Wed, Oct 14, 2009 at 06:19:37AM +1000, Andrew Pollock wrote:
> > On Tue, Oct 13, 2009 at 10:07:23PM +0200, Harald Jenny wrote:
> > > Dear maintainers,
> > > 
> > > as in upstream version of dhcp-server 4 the code for dropping root
> > > privileges and chrooting is included could you think about enabling it per
> > > default and make some changes to debconf and init-scripts to support more
> > > secure operation under debian?
> > 
> > Yes. Patches also accepted.
> 
> Ok, I'm not very experienced in making standards-compliant Debian packages, so I have some questions:
> 
> 1. There are two methods for the chroot: The first is chrooting before
> connecting to syslog socket and reading the config file and the second one
> is after doing these things. Which one should be used for the debian
> package (compile-time directive)?

Does one lend itself to making the program more un-reconfigurable at runtime
than the other?

> 2. In which directory should the chroot occur? /var/lib/dhcp (as it would
> already be installed by the package per default) or should there be
> created another directory on the fly?

Maybe /var/run/isc-dhcp-server?

> 3. As the pid and lease file get created after chrooting both need paths
> to be created under the chroot (in case of early chroot also etc/dhcp and
> dev) - should this be done when installing the package in postinst or
> within the init script at startup time?

Hmm, I think maybe only created by the package maintainer script if the user
elects to use chrooting?

> 4. Should changing uid/chrooting be just a single option within debconf
> ("SHOULD DHCPD RUN AS NON-ROOT-USER AND CHROOTED?") or as a set of
> questions ("SHOULD DHCPD RUN AS NON-ROOT-USER? IF YES PLEASE ENTER
> USERNAME TO BE CREATED:") ("SHOULD DHCPD RUN CHROOTED? IF YES PLEASE ENTER
> DIRECTORY TO BE CREATED:") ?

The package can create a system user and group, and switch to running as
them (i.e. dhcp:dhcpd)

> 5. Considering the amount of differences would it be better to create
> separate chrooted package versions for dhcp-server and dhcp-ldap-server?

I'd prefer to avoid that if possible.
 
> Maybe you could shed some light on these issues as it would ease patch development
> 
> > 
> > regards
> > 
> > Andrew
> 
> Sincerely
> Harald Jenny
> 
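
The directory question in point 3 (late chroot needs only the pid and lease paths, early chroot also needs etc/dhcp and dev), as an added sketch that is not part of the thread or of the Debian package. The function names and the relative paths var/run and var/lib/dhcp are assumptions; the audit step checks that nothing in the jail is writable by group or others.

```shell
#!/bin/sh
# Added example, not code from the thread or the isc-dhcp-server package.
# Assumed layout inside the chroot: var/run (pid file) and var/lib/dhcp
# (lease file). etc/dhcp and dev are the extra early-chroot paths named
# in question 3.

# prepare_chroot ROOT MODE   (MODE is "early" or "late")
# The body runs in a subshell so the umask change does not leak to the caller.
prepare_chroot() (
    root=$1 mode=$2
    case "$root" in
        /*) ;;
        *) echo "chroot path must be absolute: $root" >&2; exit 2 ;;
    esac
    case "$mode" in
        early|late) ;;
        *) echo "mode must be 'early' or 'late': $mode" >&2; exit 2 ;;
    esac
    # Intermediate directories made by mkdir -p inherit the umask.
    umask 022
    # The pid and lease files are created after chroot() in both modes.
    dirs="var/run var/lib/dhcp"
    # Early chroot: the config file and syslog socket are opened inside too.
    [ "$mode" = early ] && dirs="$dirs etc/dhcp dev"
    mkdir -p "$root" && chmod 0755 "$root" || exit 1
    for d in $dirs; do
        mkdir -p "$root/$d" && chmod 0755 "$root/$d" || exit 1
    done
)

# audit_chroot ROOT
# Fails if anything under ROOT is writable by group or others.
audit_chroot() {
    bad=$(find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf 'writable by group/other:\n%s\n' "$bad" >&2
    return 1
}
```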