[Dnsmasq-discuss] command on DHCP release
Tue, 03 May 2005 15:15:51 +0100
Luca Landi wrote:
> you wrote:
>>There was a patch submitted here a month or so ago which did this (and
>>more - it calls out on every lease state change.)
>>One reason I'm equivocating about adding it to the dnsmasq mainline is
>>that it requires dnsmasq to run as root in order that the external
>>command can also run as root.
> Yes that's true, but to work around that you might use a thing like sudo.
> However there might be other usages for that feature which don't need root
Every potential addition is a judgement call between useful extra stuff
and bloat. In my experience, running shells to "do stuff" is never that
satisfactory, it's also terrifyingly easy to get parameter escaping or
environment stuff wrong and allow arbitrary command execution.
An alternative that I'm thinking about is DBus:
www.freedesktop.org/Software/dbus which is a lightweight IPC system
expressly designed for integrating daemon-like software components on
Unix systems. I already have libdbus patched into the initialisation and
event-loop code in dnsmasq, and DBus methods to set the upstream
nameservers. Maybe that could be extended for DHCP lease status changes?
>>Do you gain more
>>security from your dynamic firewall rules than you lose from having a
>>network-exposed daemon running as root rather than as nobody?
> Well, let's say that I trust you being able to write bug-free code! :-)
I'm honoured, but I'd still advise you to trust no-one!
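
An added illustration of the parameter-escaping and environment concern raised in this message (not part of the original post and not dnsmasq code): a hypothetical lease-change hook runner that passes each lease value as its own argv element through execve() with a fixed environment, plus an allowlist check on the client-supplied hostname. The function names, the argument order and the PATH value are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Defence in depth: letters, digits, '-' and '.' only, 1..255 bytes, and no
   leading '-' so the hook cannot mistake the name for an option. */
int hostname_is_safe(const char *h)
{
    size_t n = 0;
    if (h == NULL || h[0] == '\0' || h[0] == '-')
        return 0;
    for (; h[n] != '\0'; n++) {
        unsigned char c = (unsigned char)h[n];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return n <= 255;
}

/* Runs "hook action mac ip hostname" (assumed argument order). Each value is
   one argv element, so no shell parses it, and the child gets a fixed
   environment instead of the daemon's. Returns the exit status, -1 on error. */
int run_lease_hook(const char *hook, const char *action, const char *mac,
                   const char *ip, const char *hostname)
{
    char *const argv[] = { (char *)hook, (char *)action, (char *)mac,
                           (char *)ip, (char *)hostname, NULL };
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(hook, argv, envp); /* no PATH search, no shell */
        _exit(127);               /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample lease; /bin/true stands in for a real hook. */
    return !hostname_is_safe("laptop-1") ||
           run_lease_hook("/bin/true", "add", "00:11:22:33:44:55",
                          "192.0.2.10", "laptop-1") != 0;
}
```

The hostname check is independent of the exec path: argv passing already keeps metacharacters literal, and the allowlist protects a hook script that later interpolates the name itself.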