Re: dhclient: avoiding hostname disclosure via DHCP request



On Sat, 2013-12-28 at 14:08 +0100, Geert Stappers wrote:
Op 2013-12-23 om 20:33 schreef Robert Horovitz:
Mark in /etc/dhcp/dhclient.conf 'send host-name' as comment.

Since the resulting file is created by merging /etc/dhcp/dhclient.conf
into /var/lib/NetworkManager/dhclient-em1.conf that does not do the trick.

The final file looks like:

-----
# Created by NetworkManager
# Merged from /etc/dhcp/dhclient.conf

# send host-name "foobar";
[...]
send host-name "foobar"; # added by NetworkManager
[...]
-----


That does surprise me. But, hey, I'm also new to the inner working of NM.


The (graphical) user interface of Network Manager
has an option named 'DHCP client ID'

Providing there a string like 'anon' should hide "foobar".
That is the place where I would expect the program code that does add
'send host-name "foobar"; # added by NetworkManager' to /var/lib/NetworkManager/dhclient-em1.conf

When that place in the source code is found,
it is easy to remove it.  ( easier as adding code to the right place )

If you're using 'keyfile' configuration files, you can add the line
"dhcp-send-hostname=false" to the [ipv4] block to prevent sending the
hostname to the DHCP server.  I don't believe it's exposed anywhere in
the nm-connection-editor UI at least.  Note that setting that option
does not prevent a custom dhclient.conf with "send host-name" from
working, so make sure it's not their either.

Dan



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]