Red Hat Bugzilla – Bug 508247
/etc/dhcp/dhcpd.conf is world-readable
Last modified: 2009-06-30 03:46:44 EDT
According to a Gentoo bug report, the dhcpd.conf configuration file is world-readable. I took a look at Fedora and RHEL5 and the same issue exists. This isn't a major issue I don't think, but by default it could and should probably be mode 0600 as dhcpd is run fully as root and really only root needs access to this file.
The Gentoo bug mentions changing the ownership and permissions of the /etc/dhcp subdirectory, not just the dhcpd.conf file. Would that not be a better approach?
I think either way works. I'm not sure what else, if anything, is being put in that directory, but making dhcpd.conf mode 0600 and the directory mode 0750 or 0700 would be fine. You'd have to make sure there are no regressions with the directory mode change (again, as I'm unsure whether anything else would use it... I have my doubts since on RHEL5 we use /etc/dhcpd.conf so I suspect this directory should be exclusively used for that file).
I'll make the permission changes in the next rawhide build.
For F-11, I changed the dhcp package to have all configuration files stored in /etc/dhcp because the number of possible files was cluttering up /etc. In /etc/dhcp, you can have:
Additionally, I created the /etc/dhcp/dhclient.d directory and expanded dhclient-script to support executing scripts from that subdirectory. The idea is that other packages can provide handlers for specific DHCP options. As of now, there is ntp.sh and nis.sh provided by ntp and ypbind, respectively.
These changes will show up in RHEL 6.0.
Ok, great. In light of the above, changing the permissions on the directory sounds like the best way forward. Thanks for the explanation and the fix.
Will be fixed in dhcp-4.1.0-22.fc12.
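The modes proposed in this thread (dhcpd.conf at 0600, /etc/dhcp at 0750 or 0700) can be checked with a short audit script. This is an added example, not part of the bug report or the dhcp package; the function names are illustrative, GNU stat is assumed, and the demonstration tree and its starting modes are constructed.

```shell
#!/bin/sh
# Added example: audit a DHCP config directory against the modes
# discussed in the bug. Function names are illustrative, not from the
# dhcp package. Requires GNU stat (coreutils) for `stat -c`.

# Succeeds (0) when PATH has permission bits outside the allowed octal mask.
mode_exceeds() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & ~0$2 & 07777 )) -ne 0 ]
}

# Directory may be no broader than 0750, dhcpd.conf no broader than 0600.
# Prints one line per finding; returns 0 when clean, 1 on findings,
# 2 when the directory does not exist.
audit_dhcp_perms() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }
    if mode_exceeds "$dir" 750; then
        echo "FINDING: $dir is mode $(stat -c '%a' "$dir"), expected 0750 or stricter"
        rc=1
    fi
    conf="$dir/dhcpd.conf"
    if [ -e "$conf" ] && mode_exceeds "$conf" 600; then
        echo "FINDING: $conf is mode $(stat -c '%a' "$conf"), expected 0600 or stricter"
        rc=1
    fi
    return $rc
}

# Constructed demonstration tree (a temporary directory, not /etc/dhcp).
demo=$(mktemp -d)
mkdir "$demo/dhcp"
: > "$demo/dhcp/dhcpd.conf"
# Constructed world-readable starting modes.
chmod 755 "$demo/dhcp"; chmod 644 "$demo/dhcp/dhcpd.conf"
audit_dhcp_perms "$demo/dhcp" || true
# The modes proposed in the thread.
chmod 750 "$demo/dhcp"; chmod 600 "$demo/dhcp/dhcpd.conf"
audit_dhcp_perms "$demo/dhcp" && echo "clean"
rm -rf "$demo"
```

On a real host the call would be `audit_dhcp_perms /etc/dhcp`; a stricter mode such as 0700 on the directory also passes, since the check flags only bits beyond the allowed mask.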