dhcp-client-service-type uses end-of-life dhclient

  • Open
  • quality assurance status badge
Details
One participant
  • Sören Tempel
Owner
unassigned
Submitted by
Sören Tempel
Severity
normal
S
S
Sören Tempel wrote on 20 Jan 19:44 +0100
(address . bug-guix@gnu.org)
3IU8CAI5QIGEI.2W06JXCLXMAYZ@8pit.net
Hello,

I recently installed the Guix operating system and selected DHCP-based
network configuration in the installer. Today I noticed that the DHCP
client installed by default seems to be dhclient from ISC-DHCP. This is
problematic as this DHCP implementation has reached its end-of-life in
2022 [1]. This is also mentioned in the Guix package description.

The dhcp-client-service-type has a package configuration option, in
theory, allowing usage with other DHCP clients. Unfortunately, it seems
to require that the package provides /sbin/dhclient and I am not aware
of any package that has this executable. In general, it seems there
is no other DHCP client package available in Guix.

Therefore, I believe the course of action here would be to: (a) package
a different DHCP client (dhcpcd [2] may be a good candidate) and (b)
make sure that dhcp-client-service-type is compatible with this client
and uses it by default.

I would argue that this is an important issue, as a DHCP client
processes untrusted input from the local network and is thus subject to
potential security vulnerabilities.

Greetings,
Sören

S
S
Sören Tempel wrote on 27 Jan 13:20 +0100
(address . 68619@debbugs.gnu.org)
3LUKRN8R16NG9.2HYTH3MP63RCA@8pit.net
Toggle quote (5 lines)
> I believe the course of action here would be to: (a) package a
> different DHCP client (dhcpcd [2] may be a good candidate) and (b)
> make sure that dhcp-client-service-type is compatible with this client
> and uses it by default.

I started working on this, see https://issues.guix.gnu.org/68675.

Greetings
Sören
?