#820069 dhcpcd5: configures interface without being asked to

Package:
dhcpcd5
Source:
dhcpcd5
Description:
DHCPv4, IPv6RA and DHCPv6 client with IPv4LL support
Submitter:
Christian Pernegger
Date:
2022-06-30 08:51:05 UTC
Severity:
important
Tags:
#820069#5
Date:
2016-04-05 08:06:20 UTC
From:
To:
Hi,

this box has its network interface configured statically in
/etc/network/interfaces. dhcpcd5 is installed but should not be active
at this time. (I would have liked to use DHCP, but neither dhcpcd5 nor
isc-dhcp-client work properly on a machine that only wakes once per
day for a few minutes and usessystemd. Also I sometimes use a wireless
dongle and that needs DHCP.)


Anyway, last night the box woke up and ...

Apr 05 02:00:30 mrmackey kernel: Restarting tasks ... done.
Apr 05 02:00:30 mrmackey dhcpcd[622]: eth0: carrier lost
Apr 05 02:00:30 mrmackey dhcpcd[622]: eth0: deleting host route to 192.168.0.25 via 127.0.0.1
Apr 05 02:00:30 mrmackey dhcpcd[622]: eth0: deleting route to 192.168.0.0/24
Apr 05 02:00:30 mrmackey dhcpcd[622]: eth0: deleting default route via 192.168.0.1
Apr 05 02:00:30 mrmackey systemd-timesyncd[364]: System time changed. Resyncing.
Apr 05 02:00:30 mrmackey systemd-sleep[807]: System resumed.
Apr 05 02:00:30 mrmackey systemd[1]: Requested transaction contradicts existing jobs: File exists
Apr 05 02:00:30 mrmackey systemd-logind[543]: Operation finished.
Apr 05 02:00:32 mrmackey dhcpcd[622]: eth0: carrier acquired
Apr 05 02:00:32 mrmackey kernel: r8169 0000:02:00.0 eth0: link up
Apr 05 02:00:32 mrmackey dhcpcd[622]: eth0: soliciting an IPv6 router
Apr 05 02:00:32 mrmackey dhcpcd[622]: eth0: rebinding lease of 192.168.0.25
Apr 05 02:00:41 mrmackey dhcpcd[622]: eth0: leased 192.168.0.25 for 86400 seconds
Apr 05 02:00:41 mrmackey dhcpcd[622]: eth0: adding host route to 192.168.0.25 via 127.0.0.1
Apr 05 02:00:41 mrmackey dhcpcd[622]: eth0: adding route to 192.168.0.0/24
Apr 05 02:00:41 mrmackey dhcpcd[622]: eth0: adding default route via 192.168.0.1
Apr 05 02:00:44 mrmackey dhcpcd[622]: eth0: no IPv6 Routers available

.... happily overwrote the manual interface configuration, causing the
box to get the wrong IP, breakage ensued.


There used to be log entries like:

Mär 31 10:30:43 mrmackey dhcpcd[543]: Not running dhcpcd because /etc/network/interfaces ... failed!
Mär 31 10:30:43 mrmackey dhcpcd[543]: defines some interfaces that will use a DHCP client ... failed!
Mär 31 10:30:43 mrmackey systemd[1]: dhcpcd.service: control process exited, code=exited status=6
Mär 31 10:30:43 mrmackey systemd[1]: Failed to start LSB: IPv4 DHCP client with IPv4LL support.
Mär 31 10:30:43 mrmackey systemd[1]: Unit dhcpcd.service entered failed state.

But that was the last one of this kind. dhcpcd ran without really
doing anything on the 1st and 2nd, then assigned the wrong IP on the
3rd, 4th and 5th. So it's basically on the fritz since the 8.4 update,
but the trigger may just as well have been the (rare) reboot that
followed it, not anything in the update itself.

/etc/network/interfaces is attached, I really don't see why it should
be running at all. I'm purging it for now, just to be sure, but I can
always reinstall it for tests.

Regards,
Christian
#820069#10
Date:
2016-05-09 08:39:26 UTC
From:
To:
dhcpcd does not parse /etc/network/interfaces.
I suspect dhcpcd was started by an init script, and the default config
is to configure all interfaces.

You can restrict this with /etc/dhcpcd.conf.

Roy
#820069#15
Date:
2019-01-17 04:20:04 UTC
From:
To:
severity 820069 important
tags 820069 security

I was hit by this bug last night.  After plugging a new Internet provider
into my local network, my Debian router automatically added an IP address
and default route to the new device.  This resulted in my entire home's
Internet access being disrupted as the router tried to route traffic via
the new device.  What's worse is that when the default route is removed
it's automatically added back.

dhcpcd is STILL bringing up this interface even after disabling the DHCP
server on the AT&T device.  The IP address that dhcpcd added is not visible
in ifconfig.  It only shows up when you run 'ip addr list'.

This is very serious security bug.  This bug could easily be exploited by
an attacker to force routing of traffic via the attacker's device.

Relevant logs/config files:

Jan 17 03:56:32 raspberrypi dhcpcd[16922]: eth0: Router Advertisement from
fe80:[removed]
Jan 17 03:56:32 raspberrypi dhcpcd[16922]: eth0: adding address [removed
ipv6 address]
Jan 17 03:56:32 raspberrypi dhcpcd[16922]: eth0: soliciting a DHCPv6 lease
Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: leased 192.168.1.67 for
86400 seconds
Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: adding route to
192.168.1.0/24
Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: adding default route via
192.168.1.254

/etc/network/interfaces.d/eth0
==============================
auto eth0
iface eth0 inet static
    address [removed]
    netmask 255.255.255.0

auto eth0:0
allow-hotplug eth0:0
iface eth0:0 inet static
    address 192.168.1.1
    netmask 255.255.255.0


/etc/dhcpcd.conf
===============
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;

subnet [removed] netmask 255.255.255.0 {
  range [removed] [removed];
  option broadcast-address [removed];
  option routers [removed];
  default-lease-time 600;
  max-lease-time 7200;
  option domain-name "local-network";
  option domain-name-servers 8.8.8.8, 8.8.4.4;
}

interface eth0
static ip_address [removed]
static domain_name_servers=8.8.8.8 8.8.4.4
#820069#24
Date:
2019-02-08 10:29:45 UTC
From:
To:
Hi Adam,

Thanks for the report.

Do I understand correctly that you plugged some kind of USB modem into
your router which was running dhcpcd, so that the modem showed up as a
new network interface?

In that situation, as you found, dhcpcd will run in master mode by
default - see the manpage for what that means.

Yes, ifconfig is deprecated - please only use `ip ...`.

You can avoid this issue by adding `allowinterfaces ...` or
`denyinterfaces ...` as appropriate to the /etc/dhcpcd.conf file.
#820069#29
Date:
2020-05-15 14:40:08 UTC
From:
To:
Hi Adam,

Have you tried updating the config file this way?
#820069#34
Date:
2022-06-23 12:36:16 UTC
From:
To:
This bug happens because dhcpcd5 ships both an init.d script and systemd unit. In order for dhcpcd5 to correctly work as an ifupdown backend via /etc/network/interfaces, it should ship neither file.

Personally, I vote for removing both files. This way, dhcpcd5 could become a replacement for the ISC dhclient for anything that requires DHCP via /etc/network/interfaces. Those who want something controlled by systemd can always install networkd or even use network-manager.

Martin-Éric

- -- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-security'), (500, 'testing')
Architecture: i386 (i586)

Kernel: Linux 5.18.0-2-686 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dhcpcd5 depends on:
ii  libc6     2.33-7
ii  libudev1  251.2-5
ii  lsb-base  11.2

Versions of packages dhcpcd5 recommends:
pn  openresolv | resolvconf  <none>

Versions of packages dhcpcd5 suggests:
pn  dhcpcd-gtk  <none>
pn  dhcpcd-ui   <none>

- -- Configuration Files:
/etc/dhcpcd.conf changed [not included]

- -- no debconf information
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmK0XjkACgkQrh+Cd8S0
17aiuA//RdUPMCPkxIDzWQQNqOOymEjWfmeetA4Xrzkjbh4BTcddYqUbkjFQxbik
e/FdTgeNYa7FkfaWrraDwmbN3wN32Ri6aoR0cOkRoWrgViQIPk/XUk6OyLgFFiFP
osGTP1cEjrGWYMCKLVnRPQZk5w42iUBuHHB5k9X7ENgFZc8d0ASCUcRyN+33CDXB
N+v4Ab5RMlXd/eUrKiJSPF9I+rOj7CGGi2YoxbH06fc2F+odB/jU+Yc5N0nZpIjc
97q6IyVGnyF3WsCYYhSVivwm+ACmlyv2jolmH5hWSA4oY0sEy7W35/N7K/ajJpxb
1RINS6kuKRXg71uf8kRSM4EG/Lhe0dxFJJwEXonyhXCxeKys59a5kyvLbpcNftZO
8E9k2rffAKTvqpmrbt/Hk+gDXF9q43994hWsD8mtfDOx14ecfA3ZwgypspPq9lcq
YrBEYaOy29uS/hTYndUWE2L1MDM8P+AVtH2by6T9H5CXEeH2YHGATG8i7HSClJBL
cNyRJ8F+dSNMrgvfQrYT3hhcIAPchUPf9xOddYGF8GL+ANf1CtzyQTERUlQ30Th1
3KC8siTP+RjqZpifHiGxmZQVsUsgUCozZt9OyUYMvr01C4ZfDsVz7LUiQ4MM2HrH
OPIAWdnk5TazC0Ho9JmOTqQd7MWsebg4+ZIHxFL4PCp3bTfcjJ8=
=gMbF
-----END PGP SIGNATURE-----
#820069#39
Date:
2022-06-27 15:27:59 UTC
From:
To:
I'm adopting this package.

This issue will be resolved by splitting the binaries, exit hooks and
manual pages into dhcpcd-base (provides: dhcp-client) and leaving only
the init.d script and systemd unit in dhcpcd5.

This way, those who only need the binaries as a backend for
/etc/network/interfaces (ifupdown) can install dhcpcd-base, while
those who also need the daemonized automation can install dhcpcd5.

Martin-Éric
#820069#42
Date:
2022-06-27 15:27:59 UTC
From:
To:
I'm adopting this package.

This issue will be resolved by splitting the binaries, exit hooks and
manual pages into dhcpcd-base (provides: dhcp-client) and leaving only
the init.d script and systemd unit in dhcpcd5.

This way, those who only need the binaries as a backend for
/etc/network/interfaces (ifupdown) can install dhcpcd-base, while
those who also need the daemonized automation can install dhcpcd5.

Martin-Éric
#820069#47
Date:
2022-06-30 08:47:06 UTC
From:
To:
Starting version 9.4.1-2, the init.d script and systemd unit are
packaged separately in package dhcpcd5. If you use
/etc/network/interfaces with the dhcp method, you can remove dhcpcd5.
As of 9.4.1-2 dhcpcd-base provides everything that ifupdown needs.

Martin-Éric