Weird problem of multiple dhcp processes running in parallel!

Glenn Satchell glenn.satchell at uniq.com.au
Tue Nov 15 21:11:05 UTC 2016


Does each of the chrooted dhcpd processes have its own /var/run/dhcpd.pid
file in the chroot directory, e.g. /var/lib/dhcp/var/run/dhcpd.pid? Is there
a /var/run/dhcpd.pid as well? Which process ID is in those file(s), and
what are the ownership and permissions?

I would have thought normal behaviour would be to check if the pid file
existed, and complain if it did.

regards,
-glenn

On Wed, November 16, 2016 5:32 am, karteek.challa at wipro.com wrote:
> Hi,
>
>
> Thanks for your reply!
>
>
> The DHCP daemon is started in a chroot environment for security reasons,
> and this is the normal way of doing so.
>
> By doing this, the configuration files will then be copied to the chrooted
> directory so the daemon can find them.
>
> If the DHCP server should ever be compromised by an outside attack, the
> attacker will still be behind bars in the chroot jail, which prevents him
> from touching the rest of the system.
>
>
> I found the same UDP port number 67 for both dhcpd processes.
>
>
> # netstat -tulpn | grep dhcpd
> udp        0      0 0.0.0.0:67              0.0.0.0:*                 18976/dhcpd
> udp        0      0 0.0.0.0:67              0.0.0.0:*                 18978/dhcpd
> udp        0      0 0.0.0.0:57676           0.0.0.0:*                 18978/dhcpd
> udp        0      0 0.0.0.0:30634           0.0.0.0:*                 18976/dhcpd
> udp        0      0 :::26560                :::*                      18976/dhcpd
> udp        0      0 :::34621                :::*                      18978/dhcpd
>
>
> Best Regards,
>
> Karteek
>
> ________________________________
> From: dhcp-users <dhcp-users-bounces at lists.isc.org> on behalf of perl-list
> <perl-list at network1.net>
> Sent: 15 November 2016 22:55:11
> To: Users of ISC DHCP
> Subject: Re: Weird problem of multiple dhcp processes running in parallel!
>
>
> It shouldn't be able to do that because port 67 would already be in use...
> The kernel should prevent it. But I see you are using chroot and so on
> that I am not familiar with and how that would affect things.
>
> ________________________________
> From: "karteek challa" <karteek.challa at wipro.com>
> To: dhcp-users at lists.isc.org
> Cc: dhcp-users at lists.isc.org
> Sent: Tuesday, November 15, 2016 12:00:29 PM
> Subject: Re: Weird problem of multiple dhcp processes running in parallel!
>
>
> Hi,
>
> I've reproduced the issue by restarting the dhcpd service at exactly the
> same time from 2 different hosts, which resulted in 2 dhcp processes
> listening on the eth0 interface.
>
> # ps -ef | grep dhcp
> root      1284     1  0 Oct23 ?        02:01:27 /sbin/syslog-ng -a /var/lib/dhcp/dev/log -a /var/lib/dhcp6/dev/log -a /var/lib/named/dev/log
> dhcpd    18976     1  0 14:01 ?        00:00:00 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    18978     1  0 14:01 ?        00:00:00 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> root     29484 26297  0 14:02 pts/2    00:00:00 grep dhcp
>
> Is this a bug?
>
> Best Regards,
> Karteek
>
> ________________________________
> From: Karteek Challa (Communications-Telecom Equipment)
> Sent: 11 November 2016 04:01
> To: dhcp-users at lists.isc.org
> Subject: Weird problem of multiple dhcp processes running in parallel!
>
>
> Hi Friends,
>
>
> I am facing a weird problem with multiple dhcp processes running in
> parallel.
>
>
> My dhcp server was configured to listen on only one eth0 and there used
> to be only one process running always.
>
> But because of some inconsistent behaviour in hosts not getting IPs, when
> I observed the Linux machine with the dhcp server installed, I observed 5
> dhcp processes running in parallel.
>
> DHCPv4 server running on my Linux machine.
>
>
> dhcpd     1934  1.2  0.2  34844  8744 ?        Ss   16:25   4:59 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    19095  1.2  0.2  34972  8756 ?        Ss   Nov09  26:12 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    19349  1.2  0.2  34840  8728 ?        Ss   Nov09  26:01 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    20649  1.1  0.2  34840  8728 ?        Ss   Nov09  24:41 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    21533  1.1  0.2  34840  8736 ?        Ss   Nov09  24:07 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
>
> May I know in what scenario multiple dhcp processes will be created?
>
>
> Best Regards,
>
> Karteek
>
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you
> are not the intended recipient, you should not disseminate, distribute or
> copy this e-mail. Please notify the sender immediately and destroy all
> copies of this message and any attachments. WARNING: Computer viruses can
> be transmitted via email. The recipient should check this email and any
> attachments for the presence of viruses. The company accepts no liability
> for any damage caused by any virus transmitted by this email.
> www.wipro.com
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
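
The thread turns on whether a "does the pid file exist?" check can stop a second instance when two restarts arrive at the same moment. The following is an added example, not part of the thread and not ISC dhcpd source: a single-instance guard that holds a kernel lock on the pid file instead of testing for its existence. The function name `acquire_pidfile` and the default path are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* flock(), O_NOFOLLOW, O_CLOEXEC on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Illustrative helper (hypothetical name). Returns an open, locked fd on
 * success; the caller keeps it open for the daemon's lifetime. Returns -1
 * if another instance holds the lock or on any other error. */
int acquire_pidfile(const char *path)
{
    /* O_NOFOLLOW refuses a symlink planted at the pid file path.
     * Mode 0644: readable by all, writable only by the daemon's user. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;

    /* The lock, not the file's existence, decides who runs. The kernel
     * grants it to exactly one opener and drops it when the holder exits,
     * so a stale file left by a crash never blocks a restart. */
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) {
        close(fd);
        return -1;              /* errno is EWOULDBLOCK: already running */
    }

    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (ftruncate(fd, 0) != 0 || write(fd, buf, (size_t)len) != len) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Constructed default path, used only for this demonstration. */
    const char *path = argc > 1 ? argv[1] : "/tmp/example-daemon.pid";
    if (acquire_pidfile(path) < 0) {
        fprintf(stderr, "not starting: %s (%s)\n", path, strerror(errno));
        return 1;
    }
    printf("pid %ld holds %s\n", (long)getpid(), path);
    pause();                    /* stand-in for the daemon's main loop */
    return 0;
}
```

Starting the program twice with the same path leaves the first copy running and makes the second exit with status 1, regardless of how closely the two starts are timed.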



