dhcp-client-service-type uses end-of-life dhclient

Recipients:(address . bug-guix@gnu.org)

Message-ID:3IU8CAI5QIGEI.2W06JXCLXMAYZ@8pit.net

Hello,

I recently installed the Guix operating system and selected DHCP-based

network configuration in the installer. Today I noticed that the DHCP

client installed by default seems to be dhclient from ISC-DHCP. This is

problematic as this DHCP implementation has reached its end-of-life in

2022 [1]. This is also mentioned in the Guix package description.

The dhcp-client-service-type has a package configuration option, in

theory, allowing usage with other DHCP clients. Unfortunately, it seems

to require that the package provides /sbin/dhclient and I am not aware

of any package that has this executable. In general, it seems there

is no other DHCP client package available in Guix.

Therefore, I believe the course of action here would be to: (a) package

a different DHCP client (dhcpcd [2] may be a good candidate) and (b)

make sure that dhcp-client-service-type is compatible with this client

and uses it by default.

I would argue that this is an important issue, as a DHCP client

processes untrusted input from the local network and is thus subject to

potential security vulnerabilities.

Greetings,

Sören

Recipients:(address . 68619@debbugs.gnu.org)

Message-ID:3LUKRN8R16NG9.2HYTH3MP63RCA@8pit.net

Toggle quote (5 lines)

> I believe the course of action here would be to: (a) package a

> different DHCP client (dhcpcd [2] may be a good candidate) and (b)

> make sure that dhcp-client-service-type is compatible with this client

> and uses it by default.

Greetings

Sören

Your comment

Commenting via the web interface is currently disabled.

To respond to this issue using the mumi CLI, first switch to it

mumi current 68619

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch