oss-sec mailing list archives

Re: ISC DHCP client and unsolicited DHCP options


From: Tomas Hoger <thoger () redhat com>
Date: Tue, 13 Aug 2013 23:08:54 +0200

On Sun, 28 Jul 2013 15:30:27 +0200 Helmut Grohne wrote:

> At least on Debian, the default configuration requests the host-name
> option. The dhclient-script then evaluates this option and thereby
> enables a DHCP server to change the hostname if the current hostname
> is "(none)", "localhost" or a previously sent hostname. Changing the
> hostname can have undesired consequences such as breaking a running
> X11 session (can be considered remote denial of service).
>
> That is why a number of people (including me) remove host-name from
> the requested options. Now given the new findings, a DHCP server can
> still change the hostname of a connecting client by first sending an
> unsolicited host-name option with the current hostname and then
> changing the hostname in a RENEW. Guessing the current hostname
> should be easy in the presence of avahi or similar services.

The dhclient-script in dhcp packages in recent Fedora and Red Hat
Enterprise Linux versions allows administrators to define hook scripts
which are sourced by the dhclient-script.  Those hooks can unset
environment variables set by dhclient before they are processed by the
dhclient-script.  Not sure if other distros may want to add a similar
mechanism:

http://pkgs.fedoraproject.org/cgit/dhcp.git/plain/dhclient-script

But as mentioned before, NetworkManager does its own processing and
does not use the standard dhclient-script.

-- 
Tomas Hoger / Red Hat Security Response Team
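
A hook of the kind described in the message above, as an added example (not part of the original post and not taken from the Fedora or Red Hat dhcp package). It generalises the idea from host-name to any option the client did not ask for, by unsetting every `new_*` variable that is not on an allowlist. The function name, the allowlist contents and the log tag are assumptions; where the hook file has to be placed is distribution-specific.

```shell
# Added example: meant to be sourced by dhclient-script as an enter hook,
# i.e. before the script acts on the variables dhclient exported.

# Assumption: the options this host wants dhclient-script to act on.
# Keep this in step with the "request" statement in dhclient.conf.
DHCP_ALLOWED_VARS="new_ip_address new_subnet_mask new_broadcast_address \
new_routers new_domain_name_servers new_dhcp_lease_time"

# Unset every exported new_* variable that is not on the allowlist.
# Leaves the names it removed, space separated, in DHCP_DROPPED_VARS.
drop_unrequested_dhcp_options() {
    DHCP_DROPPED_VARS=""
    # dhclient passes options through the environment, so "env" sees them.
    for _var in $(env | sed -n 's/^\(new_[A-Za-z0-9_]*\)=.*/\1/p'); do
        case " $(echo $DHCP_ALLOWED_VARS) " in
            *" $_var "*)
                ;;  # requested option: leave it for dhclient-script
            *)
                unset "$_var"
                DHCP_DROPPED_VARS="${DHCP_DROPPED_VARS}${DHCP_DROPPED_VARS:+ }$_var"
                ;;
        esac
    done
    unset _var
}

# Run when sourced. Record what was dropped so an unsolicited option
# (such as host-name) shows up in the logs instead of vanishing silently.
drop_unrequested_dhcp_options
if [ -n "$DHCP_DROPPED_VARS" ] && command -v logger >/dev/null 2>&1; then
    logger -t dhclient-hook "dropped unrequested options: $DHCP_DROPPED_VARS" || true
fi
```

With host-name absent from the allowlist, `new_host_name` is gone before dhclient-script reaches its hostname handling, whether the server sent it in the initial lease or in a RENEW.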

