Bug 1299562
| Field | Value |
|---|---|
| Summary | dhcpd/dhclient create a random listening port in addition to UDP 67/68 |
| Product | Red Hat Enterprise Linux 7 |
| Reporter | mpathan |
| Component | dhcp |
| Assignee | Pavel Zhukov <pzhukov> |
| Status | CLOSED ERRATA |
| QA Contact | Release Test Team <release-test-team-automation> |
| Severity | medium |
| Priority | medium |
| Version | 7.2 |
| CC | charlieb-fedora-bugzilla, jikortus, jstodola, nchavan, pemensik, psklenar, rhbugs, rpiddapa, santony, thozza |
| Target Milestone | rc |
| Keywords | Patch |
| Hardware | All |
| OS | Linux |
| Fixed In Version | dhcp-4.2.5-60.el7 |
| Doc Type | If docs needed, set a value |
| Last Closed | 2018-04-10 08:00:52 UTC |
| Type | Bug |
| Bug Blocks | 1298243, 1386624, 1420851, 1465887, 1465928 |

Doc Text:
Cause: dhclient opened an additional random port for listening.
Consequence: Security applications reported an issue.
Fix: The ports are opened only if dhclient uses the DDNS functionality.
Result: No additional port is opened if DNS update is not in use.
Description
mpathan
2016-01-18 16:00:08 UTC
As described in bug #962950, comment #5, it's libdns (the bind package) that opens these ports, and the only workaround I'm aware of is building dhcpd/dhclient without DDNS support, which is most likely not what we want. I can reassign this to bind to further investigate whether it'd be possible to not open these ports in libdns during initialization.

Created attachment 1269039 [details]
spawn dns ports on demand later

Simple fix delaying creation of those ports. I did not check much for possible race conditions, but it seems to fix the issue.

I think it would be useful for Red Hat to report this bug and the proposed fix to the upstream bug tracker: https://bugs.isc.org/Public/Dist/Display.html?Name=dhcp-public

*** Bug 1486801 has been marked as a duplicate of this bug. ***

(In reply to Charlie Brady from comment #21)
> I think it would be useful for Red Hat to report this bug and the proposed
> fix to the upstream bug tracker:
>
> https://bugs.isc.org/Public/Dist/Display.html?Name=dhcp-public

Since we follow the rule "upstream first", this was done months ago...
https://bugs.isc.org/Public/Bug/Display.html?id=45290
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=ca22af89996483efd820de0084c964fc336ee7c1

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0658
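As an added example (not code from the dhcp package or from this bug report), here is a check an administrator can run to confirm whether a dhclient or dhcpd process on a host still shows the extra listener discussed above: it parses `ss -ulpn` output (the sample below is constructed) and flags any UDP socket owned by those daemons that is not on the expected port 67 or 68.

```python
"""Flag dhcpd/dhclient UDP listeners outside the ports they actually need.

Added example for the bug discussed above, not part of the dhcp package.
Input is the text output of `ss -ulpn`; the sample at the bottom is constructed.
"""
import re

# Which UDP port each daemon legitimately binds (dhcpd serves on 67,
# dhclient receives on 68). Anything else is the libdns socket this bug is about.
EXPECTED_PORTS = {"dhcpd": {67}, "dhclient": {68}}

# Matches each ("name",pid=N,fd=M) entry in the users:(...) column of ss -p.
USERS_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def parse_ss_udp(output):
    """Yield (process, pid, local_port) for every UDP socket in `ss -ulpn` output."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "UNCONN":
            continue  # header line, or not an unconnected UDP socket
        local = fields[3]
        port = int(local.rsplit(":", 1)[1])  # works for 0.0.0.0:68, [::]:68 and *:68
        for proc, pid in USERS_RE.findall(line):
            yield proc, int(pid), port


def unexpected_ports(output, expected=EXPECTED_PORTS):
    """Return {(process, pid): [ports]} for dhcpd/dhclient sockets on unexpected ports."""
    extra = {}
    for proc, pid, port in parse_ss_udp(output):
        if proc in expected and port not in expected[proc]:
            extra.setdefault((proc, pid), set()).add(port)
    return {key: sorted(ports) for key, ports in extra.items()}


# Constructed sample: dhclient holds 68 as usual plus a random high port on
# IPv4 and IPv6; dhcpd and an unrelated daemon are clean.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      0.0.0.0:68         0.0.0.0:*          users:(("dhclient",pid=812,fd=6))
UNCONN 0      0      0.0.0.0:34213      0.0.0.0:*          users:(("dhclient",pid=812,fd=20))
UNCONN 0      0      [::]:34213         [::]:*             users:(("dhclient",pid=812,fd=21))
UNCONN 0      0      0.0.0.0:67         0.0.0.0:*          users:(("dhcpd",pid=990,fd=7))
UNCONN 0      0      127.0.0.1:323      0.0.0.0:*          users:(("chronyd",pid=640,fd=5))
"""

if __name__ == "__main__":
    for (proc, pid), ports in unexpected_ports(SAMPLE).items():
        print(f"{proc}[{pid}] has unexpected UDP listener(s) on port(s) {ports}")
```

On a live host, feed `subprocess.run(["ss", "-ulpn"], capture_output=True, text=True).stdout` to `unexpected_ports()` instead of the constructed sample; an empty result after updating to dhcp-4.2.5-60.el7 (without DDNS in use) is the expected outcome.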