bug#68619: dhcp-client-service-type uses end-of-life dhclient

bug#68619: dhcp-client-service-type uses end-of-life dhclient

[Sören Tempel]

Hello,

I recently installed the Guix operating system and selected DHCP-based
network configuration in the installer. Today I noticed that the DHCP
client installed by default seems to be dhclient from ISC-DHCP. This is
problematic as this DHCP implementation has reached its end-of-life in
2022 [1]. This is also mentioned in the Guix package description.

The dhcp-client-service-type has a package configuration option, in
theory, allowing usage with other DHCP clients. Unfortunately, it seems
to require that the package provides /sbin/dhclient and I am not aware
of any package that has this executable. In general, it seems there
is no other DHCP client package available in Guix.

Therefore, I believe the course of action here would be to: (a) package
a different DHCP client (dhcpcd [2] may be a good candidate) and (b)
make sure that dhcp-client-service-type is compatible with this client
and uses it by default.

I would argue that this is an important issue, as a DHCP client
processes untrusted input from the local network and is thus subject to
potential security vulnerabilities.

Greetings,
Sören

[1]: https://www.isc.org/blogs/isc-dhcp-eol/
[2]: https://roy.marples.name/projects/dhcpcd

bug#68619: dhcp-client-service-type uses end-of-life dhclient

[Sören Tempel]

> I believe the course of action here would be to: (a) package a
> different DHCP client (dhcpcd [2] may be a good candidate) and (b)
> make sure that dhcp-client-service-type is compatible with this client
> and uses it by default.

I started working on this, see <https://issues.guix.gnu.org/68675>.

Greetings
Sören