On Sat Jan 11 07:14:25 2014, logan@elandsys.com wrote: <br />
&gt; Dear Jeremy and ISC team, <br />
&gt;  <br />
&gt; I'm currently running with isc-dhcpd sandboxed on Production Ubuntu <br />
&gt; servers. <br />
&gt;  <br />
&gt; The patch restricts dhcpd to a small number of whitelisted C functions <br />
&gt; using <br />
&gt; seccomp. OpenSSH and systemd ship with a similar sandbox on Linux. <br />
&gt;  <br />
&gt; This prevents exploits that use execve() and such. <br />
&gt;  <br />
&gt; If there is interest in such a patch, I'm willing to improve it futher <br />
&gt; based on the feedback I get from ISC. <br />
<br />
Hello.<br />
<br />
Thank you for your patch, and apologies for the slow response --<br />
our DHCP team has been very busy putting the finishing touches<br />
on DHCP 4.3.0 and new maintenance versions of 4.2.x and 4.1-ESV.<br />
<br />
Your patch looks interesting and will be forwarded to the development<br />
team for assessment, but probably will not receive scrutiny until after<br />
the release schedules currently in process are completed.<br />
<br />
Thank you, though, for your submission and for your efforts to help<br />
us improve ISC DHCP.<br />
<br />
Michael McNally<br />
ISC Support<br />
<br type="_moz" />