Kea uses predictable filenames for sockets in /tmp
Debian maintainer of the Kea package here; this is a forward of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929 and Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100.
The default Kea configuration files place control sockets under /tmp
, e.g.:
+---
| "control-socket": {
| "socket-type": "unix",
| "socket-name": "/tmp/kea4-ctrl-socket"
| },
+---[ /etc/kea/kea-dhcp4.conf ]
This can be a security issue, especially given that the socket have fixed names, as any use can create a file/socket with that name under /tmp
. Please move the control sockets to /run/kea
. Thanks!