On Thu, Jan 23, 2014 at 06:07:14PM +0000, Michael McNally via RT wrote:
> On Sat Jan 11 07:14:25 2014, logan@elandsys.com wrote:
> > Dear Jeremy and ISC team,
> >
> > I'm currently running with isc-dhcpd sandboxed on Production Ubuntu
> > servers.
> >
> > The patch restricts dhcpd to a small number of whitelisted C functions
> > using seccomp. OpenSSH and systemd ship with a similar sandbox on Linux.
> >
> > This prevents exploits that use execve() and such.
> >
> > If there is interest in such a patch, I'm willing to improve it further
> > based on the feedback I get from ISC.
>
> Hello.
>
> Thank you for your patch, and apologies for the slow response --
> our DHCP team has been very busy putting the finishing touches
> on DHCP 4.3.0 and new maintenance versions of 4.2.x and 4.1-ESV.

I saw that DHCP 4.3.0 was released. I would like to know if there is
interest in the sandboxing patch for the next release of ISC-dhcpd.
I've made further improvements to it.

>
> Your patch looks interesting and will be forwarded to the development
> team for assessment, but probably will not receive scrutiny until after
> the release schedules currently in process are completed.
>
> Thank you, though, for your submission and for your efforts to help
> us improve ISC DHCP.
>
> Michael McNally
> ISC Support