[Buildroot] Enable missing security options for ISC dhcp server
Andreas Ehmanns
universeiii at gmx.de
Mon Apr 25 15:40:59 UTC 2022
Dear all,
I was trying to make the ISC dhcp daemon more secure by using the -user
and -group option to let dhcp server run as non-root user.
Unfortunately these options are not available when building ISC dhcp
server with buildroot.
The reason is, that the configure script must be called with the
additional option --enable-paranoia to activate these options.
But this option is not set in the dhcp.mk file.
To be backward compatible I added a new option to the dhcp's Config.in
to enable this feature when desired.
If you are interested in this feature and can create a patch and send it
this list to make the change available to all buildroot users.
Let me know what you think. Below are some details.
Regards,
Andreas
1) Add this to Config.in:
config BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA
bool "Enable paranoia options"
depends on BR2_PACKAGE_DHCP_SERVER
help
Add option --enable-paranoia to configure script. This activates
additional server options (-user, -group and -chroot) to make
dhcp server more secure.
2) And to dhcp.mk:
ifeq ($(BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA),y)
DHCP_CONF_OPTS += --enable-paranoia
endif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20220425/7d061902/attachment.html>
More information about the buildroot
mailing list