OpenRC by default uses netifrc for network clients like udhcpc. netifrc in turn implicitly uses busybox. Busybox in turn gets installed in a statically linked form by some other means, probably with the intention of having it ready in case there are problems with the dynamic linker. In effect all my hardened systems ran a statically linked busybox binary as root:

root 2200 1 0 Jan29 ? 00:00:00 /bin/busybox udhcpc -x hostname samba --interface=enp3s0 --now --script=/lib/netifrc/sh/udhcpc-hook.sh --pidfile=/var/run/udhcpc-e

Running a statically linked binary as root means that the hardened kernel will be almost unable to intercept an ongoing attack.
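A way to audit a host for the condition this report describes (root-owned processes whose executable is a statically linked ELF), as an added example that is not part of the bug thread or of netifrc/busybox. It decides "static" the same way `file` does: the ELF has no PT_INTERP program header, so no dynamic loader is ever mapped. The `build_sample_elf64` helper is a constructed, headers-only ELF image used so the parser can be exercised offline; `root_static_processes` reads /proc and needs root to open other users' `/proc/<pid>/exe`.

```python
#!/usr/bin/env python3
"""Find root-owned processes whose executable is a statically linked ELF.

Added example for auditing the "static busybox running as root" condition.
"""
import os
import struct

PT_INTERP = 3   # program header that names the dynamic loader (ld.so)


def elf_phdr_types(data):
    """Return the list of p_type values from an ELF image held in memory.

    `data` is the raw file (or a prefix long enough to contain the program
    header table). Returns None if the bytes are not a usable ELF header.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"           # ELFDATA2LSB / ELFDATA2MSB
    if ei_class == 2:                             # ELFCLASS64
        if len(data) < 64:
            return None
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    elif ei_class == 1:                           # ELFCLASS32
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    else:
        return None
    types = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break                                 # truncated prefix
        (p_type,) = struct.unpack_from(end + "I", data, off)
        types.append(p_type)
    return types


def is_static_elf(data):
    """True if the ELF requests no program interpreter (no PT_INTERP)."""
    types = elf_phdr_types(data)
    if types is None:
        return None
    return PT_INTERP not in types


def root_static_processes(proc="/proc"):
    """Return [(pid, exe path, cmdline)] for euid-0 processes with a static exe."""
    found = []
    if not os.path.isdir(proc):
        return found
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        base = os.path.join(proc, pid)
        try:
            with open(os.path.join(base, "status")) as f:
                uids = [ln.split()[1:] for ln in f if ln.startswith("Uid:")][0]
            if uids[1] != "0":                    # effective uid is not root
                continue
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "exe"), "rb") as f:
                head = f.read(1 << 16)            # headers live at the start
            with open(os.path.join(base, "cmdline"), "rb") as f:
                cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except (OSError, IndexError):
            continue                              # kernel thread, gone, or EPERM
        if is_static_elf(head):
            found.append((int(pid), exe, cmd))
    return found


def build_sample_elf64(with_interp):
    """Constructed, headers-only little-endian ELF64 image for offline tests."""
    phdrs = [1]                                   # one PT_LOAD
    if with_interp:
        phdrs.insert(0, PT_INTERP)
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 62, 1, 0, 64, 0, 0,   # ET_EXEC, x86-64, phoff=64
                                 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0x1000)
                    for t in phdrs)
    return ehdr + body


if __name__ == "__main__":
    for pid, exe, cmd in root_static_processes():
        print(f"{pid}\t{exe}\t{cmd}")
```

Run it as root on a Gentoo box using netifrc with a static busybox and the udhcpc line from the report shows up; a dynamically linked busybox, or dhcpcd, does not.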
CCing blueness, maybe hardened has some comment on this report?
I am adding netifrc; this is actually an issue with the netifrc scripts since OpenRC itself doesn't run any dhcp clients.
<hat type="netifrc">
netifrc uses whatever DHCP client you have specified. It has to run them as root (or at least CAP_NET_ADMIN) so they have suitable socket access for sending DHCP requests. I see two options for you:
- run a non-static busybox
- use a different DHCP client (not from busybox): net-misc/pump, net-misc/dhcpcd, net-misc/dhcp
</hat>

security: is there a need to keep this bug locked? I don't see it as a legitimate security bug, but rather a product of the user's choices.
Using whiteboard for netifrc bug tracking.
Unrestricting.
Hardened kernels are no longer supported (depending on which features one considers). The bug can also be mitigated depending on the user's choice of DHCP daemon. Concur with Robin's comments above.