[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)

DJ-Pfulio DJPfulio at jdpfu.com
Thu May 17 15:49:10 EDT 2018


On 05/17/2018 01:27 PM, Alan Dobkin via Ale wrote:
> On 5/17/2018 1:17 PM, DJ-Pfulio via Ale wrote:
>> On 05/17/2018 01:12 PM, Solomon Peachy wrote:
>>> On Thu, May 17, 2018 at 11:46:12AM -0400, DJ-Pfulio via Ale wrote:
>>>> In the article, they talk about servers and mysql ... who would run
>>>> those on dhcp? Serious question - who and why?
>>> In networks I've administered, everything but the DHCP server and the
>>> core routers has their (static!) addresses assigned via DHCP.
>>
>> Why?
> 
> I don't typically use DHCP to assign IP addresses to servers, but there
> is certainly a management benefit to doing it that way if you have a lot
> of them. For example, consider the case where you need to do a mass IP
> change or change infrastructure like the gateway IP or DNS servers
> across the board. With DHCP, it's as simple as making the change in one
> place and then power-cycling the switch. Doing it manually could take
> several hours otherwise. For host devices like servers and printers, I
> would only use reserved IP addresses and assign very long lease time.
> That way, DHCP traffic is minimal, and a DHCP server outage is pretty
> much a non-issue.

I've actually been though this.  4 easy commands per system.  This was
back when NAT didn't exist.  These days, I do it with an ansible
playbook/task.

Lots of ways to solve any issue. I've been burned a few times by DHCP
failures or misconfigurations.

Guess we each get to pick our poisons.


More information about the Ale mailing list