[Dnsmasq-discuss] command on DHCP release

Luca Landi me@lucalandi.com
Wed, 4 May 2005 00:31:44 +0200


Simon Kelley ha scritto:
> Every potential addition is a judgement call between useful extra stuff 
> and bloat. In my experience, running shells to "do stuff" is never that 
> satisfactory, it's also terifyingly easy to get parameter escaping or 
> environment stuff wrong and allow arbitrary command execution.

I quite disagree on the "never satisfactory" thing: in general I can't see 
anything really simpler and more straightforward to get the job done than 
running a good old shell script to configure things. Regarding security, in 
general I much agree with you but I disagree with your strong adjectives: 
secure programming is always possible, certainly difficult but still 
possible. Later in your message you mention dbus: IMHO that is fairly 
contraddicting with respect to security because difficulty of secure 
programming usually is very related to complexities and introducing dbus 
introduces complexities also into dnsmasq (don't know, just supposing). 
Anyway I understand that you are not undecided as the "equivocating" verb 
you used in your previous message made me think (or maybe I just 
misinterpreted it due to the Italian meaning of that verb...) so I won't 
bother you further.

> An alternative that I'm thinking about is DBus: 
> www.freedesktop.org/Software/dbus which is a lightweight IPC system 
> expressly designed for integrating daemon-like software components on 
> Unix systems. I already have libdbus patched into the initialisation and 
> event-loop code in dnsmasq, and DBus methods to set the upstream 
> nameservers.

Ideally sounds cool, but I wonder whether it would actually suit an embedded 
system. I mean: another thing to compile, deploy, make room for in memory 
and storage... Don't know, seems a bit oversized for what dnsmasq is meant 
to be. But you seem to really "striding" toward it so what do you think 
about adding methods to also manipulate the internal cache? recently I'd 
have loved to have the possibility to "hotplug" (add/remove) entries in the 
cache at my will.

> Maybe that could be extended for DHCP lease status changes? 

Can well be, but in order for it to make sense I think we'd need yet another 
daemon (to compile, deploy, etc.) waiting for those messages on the dbus. 
And what would that daemon possibly do on each received message? as long as 
all (or at least most of) other daemons, utilities, tools, etc. normally 
present even in the leanest system won't be dbus-aware that daemon would 
probably end up running a shell script, so you may have pushed many 
security concerns away from dnsmasq (which is certainly good since, as you 
said, dnsmasq is directly exposed by definition while dbus is not) but 
added general complexity to the overall operating system. And all this only 
to "do stuff" which most of times is very simple and quick? at a first 
glance to me it does not worth the while.

All this is just my 2 cents :-)

Bye,
Luca