[Dnsmasq-discuss] [PATCH] Validate the tftp root directory option

Simon Kelley simon at thekelleys.org.uk
Tue Jun 12 15:14:33 BST 2012

On 12/06/12 04:57, Daniel Veillard wrote:
>   Hi Simon,
> in response to the following bug
>   https://bugzilla.redhat.com/show_bug.cgi?id=824214

I can't access that bug, even after I registered with the buzilla.

> I made the small patch below checking the tftp root directory.
> The only downside I could see would be if using a symlink for
> the patch given on the command line as S_ISDIR() will not catch
> this, I'm not sure it's worth adding readlink() complexity.
> Also I wasn't sure the patch should reindent the full block.
>   Any opinions ?

Two thinks come to mind.

1) The test should be done after dnsmasq drop privs. There's no point
checking directory access as root when you're going to do it for real as
a non-privileged user. By the time priv drop has occurred, fatal errors
are a bit more complex than just calling die(), but are possible.

2) Would opendir() be a better test? That solves the symlink problem.

> Daniel
> P.S.: thanks for adding a git ! ;-)

That has been a win all round.



More information about the Dnsmasq-discuss mailing list