[pkg-dhcp-devel] Bug#672232: isc-dhcp-client: client requests (and applies) properties, though removed from the request int the config
f30 at f30.me
Sun Mar 30 11:30:21 UTC 2014
I can confirm such behaviour, but I don’t think it’s a bug:
The `request` setting really only specifies what options the client’s request contains. The server then replies with some arbitrary options, which may or may not match the requested. The client applies whatever options that response contains.
I verified using Wireshark that the protocol is being followed and options missing from the config really aren’t requested.
I don’t think „rogue DHCP server“ is part of the threat model at this point: The client just trusts the server and if it’s a rogue one, the network admin is supposed to get rid of it and in the meantime, you’re also in trouble for the options you actually requested.
However, there appears to be no way to just ignore certain options from the request: You can use `supersede`, but it only allows to force a specific value and not to remove the option entirely. See my Unix & Linux Stack Exchange question  on that.
I filed a feature request for that with ISC, but unfortunately, they don’t have a public bugtracker.
More information about the pkg-dhcp-devel