BIND 10 #3176: DHCP server dies because setting SO_BINDTODEVICE option on socket failed.

BIND 10 Development do-not-reply at isc.org
Tue Oct 8 16:52:08 UTC 2013


#3176: DHCP server dies because setting SO_BINDTODEVICE option on socket failed.
-------------------------------+-----------------------------------------
            Reporter:  thozza  |                        Owner:
                Type:  defect  |                       Status:  new
            Priority:  medium  |                    Milestone:  New Tasks
           Component:  dhcp    |                   Resolution:
            Keywords:          |                 CVSS Scoring:
           Sensitive:  0       |              Defect Severity:  N/A
         Sub-Project:  DHCP    |  Feature Depending on Ticket:
Estimated Difficulty:  0       |          Add Hours to Ticket:  0
         Total Hours:  0       |                    Internal?:  0
-------------------------------+-----------------------------------------

Comment (by marcin):

 Currently DHCP components require root privileges to start. Not only is it
 implied by the fact that they open privileged ports (DHCP) but also DHCPv4
 requires opening raw sockets. The raw sockets are required in cases
 when DHCPv4 has to respond to a client which doesn't have an address
 yet. Since we create raw sockets we have to set various options including
 SO_BINDTODEVICE, which also appears to require superuser privileges to be
 set.

 The bind10 framework has a component called b10-sockcreator
 (src/bin/sockcreator) which is implemented to overcome this issue. The
 b10-sockcreator is always run as root (regardless of whether the -u option
 is used or not). That way the socket creator is the only place where root
 privileges should be needed. However, at this point DHCP components DO NOT
 use b10-sockcreator and they open and bind sockets by themselves.

 We do have a ticket to migrate DHCP to the b10-sockcreator approach:
 http://bind10.isc.org/ticket/2780, but we are not planning to implement it
 any time soon due to prioritization.

 Obviously, all contributions are welcome here. We will be happy to review
 and merge patches to the existing code that support running DHCP with
 non-root privileges.

 Many thanks for your efforts!

-- 
Ticket URL: <http://bind10.isc.org/ticket/3176#comment:2>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
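
The privilege-separation pattern the comment describes, as an added example that is not part of the original message and is not BIND 10 or b10-sockcreator code: a helper process creates the socket, attempts SO_BINDTODEVICE, and hands the descriptor to the server over a UNIX socket with SCM_RIGHTS, reporting a failed option as an errno value instead of terminating. The names `creator` and `request_socket` are hypothetical, descriptor passing via SCM_RIGHTS is an assumption about the mechanism, and here the helper is simply forked with the caller's privileges, whereas a deployment would run only the helper as root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper side (hypothetical): create the socket, try SO_BINDTODEVICE,
 * then send the descriptor plus the setsockopt errno (0 on success). */
static void creator(int chan, const char *ifname) {
    int s = socket(AF_INET, SOCK_DGRAM, 0), err = 0;
    if (s < 0) _exit(1);
    if (setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname) + 1) < 0)
        err = errno;                 /* e.g. EPERM: report it, do not die */
    union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct iovec iov = { &err, sizeof err };
    struct msghdr m = { 0 };
    m.msg_iov = &iov; m.msg_iovlen = 1;
    m.msg_control = u.buf; m.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &s, sizeof(int));
    _exit(sendmsg(chan, &m, 0) < 0);
}

/* Server side (hypothetical): returns the received descriptor or -1;
 * *bind_err receives the helper's SO_BINDTODEVICE errno. */
int request_socket(const char *ifname, int *bind_err) {
    int sp[2], fd = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); return -1; }
    if (pid == 0) { close(sp[0]); creator(sp[1], ifname); }
    close(sp[1]);
    union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct iovec iov = { bind_err, sizeof *bind_err };
    struct msghdr m = { 0 };
    m.msg_iov = &iov; m.msg_iovlen = 1;
    m.msg_control = u.buf; m.msg_controllen = sizeof u.buf;
    if (recvmsg(sp[0], &m, 0) == (ssize_t)sizeof *bind_err) {
        struct cmsghdr *c = CMSG_FIRSTHDR(&m);
        if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
            memcpy(&fd, CMSG_DATA(c), sizeof(int));
    }
    close(sp[0]); waitpid(pid, NULL, 0);
    return fd;
}
```

The caller can inspect `*bind_err` and decide whether to continue without the device binding or to log and refuse to serve on that interface.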