Slackwarearm-current ChangeLog (2019-04-26)

Fri Apr 26 08:08:08 UTC 2019

  • a/kernel-firmware-20190424_4b6cf2b-noarch-1.txz
  • ap/nano-4.2-arm-1.txz
  • d/ccache-3.7-arm-1.txz
  • l/imagemagick-6.9.10_42-arm-1.txz
  • l/python-urllib3-1.25.1-arm-1.txz
  • l/vte-0.56.2-arm-1.txz
  • x/mesa-19.0.3-arm-1.txz
  • n/network-scripts-15.0-noarch-7.txz
    /etc/rc.d/rc.inet1:
    Call dhcpcd with -H, which uses the last four bytes of the hardware address
    as the DHCP xid instead of a randomly generated number. This is particularly
    useful for ARM devices, where the amount of entropy is low during boot - as
    such machines are often headless, so there's minimal i/o to feed the pool.

    The “xid” is explained here:
    https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html
    I don't believe that this causes any operational issues (the MAC must be
    unique anyway), nor realistically opens up any security issues, as an
    attacker would have needed to control the DHCP server already (to avoid IP
    conflicts tipping people off); would have to know about your device's MAC
    address up front in order to pull of any data packet manipulation attack where
    they manipulate the DHCP offerings (e.g. gw/DNS); and if that's going on,
    there are likely more and worse issues already on that network. In such a
    case, one would argue that one may prefer to choose to disconnect from that
    network and remain so, whilst you enjoy a speedier boot on a safe network.
    If you find a security issue, make a PoC, make a case and get a recognised,
    peer review, and let me know! I'll buy you a beer and I'll revert this change
    with pleasure (I'll move it to the documentation) :-)

    For those of you that use IPv4-only, you can speed up the boot process
    further, making dhcpcd only solicit IPv4 addresses.
    Within rc.inet1, find the line:
    /sbin/dhcpcd -HL -t ${DHCP_TIMEOUT[$i]:-0} ${DHCP_OPTIONS} ${1}
    and add the command line operator “4”
    /sbin/dhcpcd -4HL -t ${DHCP_TIMEOUT[$i]:-0} ${DHCP_OPTIONS} ${1}

    Thanks to the community on LQ – mcatudal for the report and gus3 for finding
    the root cause and getting me thinking of fix.

    This change is scoped only to calling “dhcpcd” from rc.inet1
    (“Use a DHCP server to configure ethernet” option within the “netconfig” setup
    tool). I don't believe that NetworkManager has the ability to pass command
    line operators to dhcpcd via its helper scripts. If anyone knows how to do
    that, let me know and I'll merge in the fix.
  • isolinux/*
    Modified the installer to call dhcpcd with -H (see entry for
    “n/network-scripts” package above).
  • news/2019/04/26/slackwarearm-current-changelog.txt
  • Last modified: 5 years ago
  • by Giuseppe Di Terlizzi