Bug #11630

Check what to do wrt. NetworkManager's internal DHCP client vs. isc-dhcp-client

Added by intrigeri 2016-08-11 08:40:20. Updated 2016-08-25 09:07:31.

Status: Resolved
Priority: Normal
Assignee: intrigeri
Category:
Target version:
Start date: 2016-08-11
Due date:
% Done: 100%
Feature Branch:
Type of work: Research
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

network-manager (1.2.4-2) unstable; urgency=medium

  * Demote isc-dhcp-client from Depends to Recommends.
    NetworkManager will automatically fall back to the internal dhcp client if
    dhclient is not available. (Closes: #826680)

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826680 for details.

It seems to me that if the internal dhcp client has the features we want (e.g. wrt. not sending the hostname on the network), then we should go for it: isc-dhcp-client is lots of old code, and has a history of security issues.

At the very least, we should make sure that whatever happens, without us changing our Git tree, works and is safe.


Subtasks


Related issues

Related to Tails - Bug #11720: DHCP requests leak hostname on Stretch Resolved 2016-08-25
Related to Tails - Bug #16948: Deal with NetworkManager 1.20+ defaulting to its internal DHCP client Confirmed

History

#1 Updated by intrigeri 2016-08-25 07:20:18

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

According to our test suite, current feature/stretch (with isc-dhcp-client) does leak the hostname on the network: dhcp-send-hostname=false seems to be ignored. The internal DHCP client can’t do much worse => I’ll give it a try.
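
An added example, not part of the original issue or of the Tails test suite: one way to check a captured DHCP client message for the hostname leak reported in comment #1, by walking the options field and reporting the Host Name (12) and Client FQDN (81) options. The function names and the sample DHCPDISCOVER builder are assumptions made for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: precedes the options field
BOOTP_FIXED_LEN = 236               # fixed BOOTP header before the cookie

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value} from the UDP payload of a DHCP message."""
    start = BOOTP_FIXED_LEN + 4
    if payload[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    options, i = {}, start
    while i < len(payload):
        code = payload[i]
        if code == 0:      # pad option: single byte, no length
            i += 1
            continue
        if code == 255:    # end option
            break
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        # RFC 3396: a repeated option code is concatenated
        options[code] = options.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return options

def _fqdn_name(value: bytes) -> str:
    """Decode option 81 (RFC 4702): flags, two RCODE bytes, then the name."""
    if len(value) < 3:
        return ""
    name = value[3:]
    if not value[0] & 0x04:  # E bit clear: deprecated ASCII encoding
        return name.decode("ascii", "replace")
    labels, i = [], 0
    while i < len(name) and name[i]:  # DNS wire format: length-prefixed labels
        labels.append(name[i + 1:i + 1 + name[i]].decode("ascii", "replace"))
        i += 1 + name[i]
    return ".".join(labels)

def hostname_leaks(payload: bytes) -> dict:
    """Map each hostname-bearing option found in the message to its value."""
    opts, leaks = parse_dhcp_options(payload), {}
    if 12 in opts:  # Host Name option (RFC 2132)
        leaks["Host Name (12)"] = opts[12].decode("ascii", "replace")
    if 81 in opts:  # Client FQDN option (RFC 4702)
        leaks["Client FQDN (81)"] = _fqdn_name(opts[81])
    return leaks

def build_discover(extra_options: bytes = b"") -> bytes:
    """Constructed DHCPDISCOVER payload for the demo, not a real capture."""
    header = bytes([1, 1, 6, 0]) + bytes(BOOTP_FIXED_LEN - 4)
    return header + MAGIC_COOKIE + b"\x35\x01\x01" + extra_options + b"\xff"
```

An empty result from `hostname_leaks()` on every client-originated message (DISCOVER, REQUEST, INFORM) is what a passing leak check would look like.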

#2 Updated by intrigeri 2016-08-25 08:04:03

Just switching to the internal DHCP client does not fix the hostname leak. I’ll try other things such as:

  • set dhcp-send-hostname=false in config/chroot_local-includes/etc/NetworkManager/system-connections/Wired connection (in case the fact that it exists already makes it ignore the defaults we set in config/chroot_local-includes/etc/NetworkManager/conf.d/dhcp-hostname.conf)
  • drop customization of the list of plugins
  • set dhcp-send-hostname=false directly in NetworkManager.conf
  • set dhcp-send-hostname=false in a [ip] block
  • set dhcp-send-hostname=false in a [ip4] block

#3 Updated by intrigeri 2016-08-25 08:31:04

Once this is fixed, somehow: make sure that we forbid setting the hostname to a value controlled by the DHCP server.

#4 Updated by intrigeri 2016-08-25 09:07:31

  • Status changed from In Progress to Resolved
  • % Done changed from 10 to 100

Fixing the DHCP hostname leak seems to be orthogonal to this issue, so I’m going to move this topic to the backburner for a while: as long as Debian does not change the default we’ll stick to isc-dhclient. It certainly has a not-so-good security history, but at least it’s a separate process (that we confine with AppArmor), and it has been attacked for a while, contrary to the brand new code in NM => it’s not obvious which one is safest, so the status quo wins for now since it’s less work and risk of breakage for us.

#5 Updated by intrigeri 2016-08-25 09:07:40

  • related to Bug #11720: DHCP requests leak hostname on Stretch added

#6 Updated by intrigeri 2019-08-18 11:29:57

  • related to Bug #16948: Deal with NetworkManager 1.20+ defaulting to its internal DHCP client added