Security of dhcpd on non-listening interfaces?

stevel_isc at stevel_isc at
Tue Mar 1 19:34:14 UTC 2016

Ok, so now that my multiple chrooted DHCP servers idea was shot down in
flames, I need to retreat to serving only the more secure VLANs.

Some of you appear to know the code well.  How secure is the server from
malicious packets on non-listening interfaces?

What I mean is, does the code identify and discard packets (both IP and raw
sockets) for ignored interfaces prior to doing risky things (like parsing
and memory reallocation)?

Are there links to discussions on this?  I should check out the relevant
sections of code, but before starting from scratch I'll bet there's a wealth
of discussion somewhere.

