Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • D dhcp
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 128
    • Issues 128
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 13
    • Merge requests 13
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • dhcp
  • Issues
  • #199
Closed
Open
Issue created Jul 20, 2021 by Peter Davies@peterdDeveloper

Verify that random calls are seeded and used appropriately

Verify that random calls are seeded and used appropriately
The Google Compute Platform randomization attack is a good reminder that we should examine PRNG use dhcp server and relay to ensure that we are using (pseudo-)randomness appropriately.
Please treat this ticket as:

a reminder to review PRNG use in your project to ensure that it is used properly
a request to report on the status of that review, so that users who search for this ticket can satisfy themselves that we have checked our usage and believe it to be reasonable

The Google Compute Platform randomization attack in dhclient publicly available here: https://github.com/irsl/gcp-dhcp-takeover-code-exec..

also: #197 (closed)

Edited Jul 20, 2021 by Andrei Pavel
Assignee
Assign to
Time tracking