In dhcpcd-2.0.1 and ealier the raw and UDP sockets were inherited by the dhcpcd.exe script and its children. If the children changed uid away from root, they would inherit otherwise unavailable rights to access these sockets. Found and fixed by Simon Kelly (simon@thekelleys.org.uk) dhcpcd-2.0.2 (now in portage) contains the fix.
is there a reason why this is assigned to component "auditing" or did that happen by accident? Can I call the arch security liaisons to mark this one stable?
Oppps, didn't must have been a mistake putting it under auditing! dhcpcd-2.0.2 is ready to go stable imo
ok then, sec liaisons (sp?) please test and mark stable, thank you.
stable on ppc64
ppc stable
sparc stable.
amd64 stable
Alpha done.
x86 done
hppa stable
uberlord: can we send the GLSA and open this bug ? Also please give more details about the impact (for GLSA drafters).
Sorry about the late response, dhcpcd-2.0.2 has introduced a slight bug that appears to only affect a small subset of people which we think we've now fixed on bug #124543 Anyway, the issue is that dhcpcd can call a script when any dhcp relation action has occurred, so the system can do other tasks such as start or stop services. Now, these services can drop to other users, such as apache, which would not normally have access to the resources left by the fd's which were leaked to the script. By default, Gentoo does not install any script for dhcpcd to use so this would have very minimal impact.
We should call a vote. Looks like minimal impact to me : it's more an unintended side-effect with potential security consequences than something exploitable, so I tend to vote no...
sounds like minimal impact, also vote NO
Closing without GLSA and opening bug, feel free to reopen if you think this needs a GLSA (practical exploit path).
