[Dnsmasq-discuss] [PATCH] Validate the tftp root directory option

Daniel Veillard veillard at redhat.com
Tue Jun 12 16:30:32 BST 2012


On Tue, Jun 12, 2012 at 04:14:26PM +0100, Simon Kelley wrote:
> On 12/06/12 16:10, Daniel Veillard wrote:
> 
> >   To be honest we were more worried about crafted CLI arguments given
> > and not really trying to check accessing the directory for real. In the
> > end dnsmasq would serve files out of that directory so the directory in
> > itself is just a small precondition of proper working of the
> > functionality.
> 
> I could comment on that if I could read the original bug, but bugzilla
> won't let me. Could you mail me a copy? (off list if necessary).

  Whoops, sorry. Basically someone tweaked a libvirt XML to add
extra dnsmasq arguments within the tftproot field and thought he had
a security hole. It isn't, as libvirt will pass the value directly
as a structured arg to the dnsmasq process and all the 'attacker' got
was a very long tftproot argument with spaces and -- in it :-)
  But the problem is that no error was reported so we would rather see
dnsmasq complain at launch time if the passed directory argument isn't
one, and that's what my patch tried to implement (so yes it's a bit
crude and doesn't try to cope with the fact that ultimately it won't run
as root).
  Hope it makes sense in context :-)

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
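
Added example, not part of the original message and not the patch under discussion: a sketch of the two points made above, that a value passed as one structured argv element is never split into extra options, and that a launch-time check can reject a TFTP root that is not a directory. The helper names check_tftp_root and build_argv and the sample value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper (not dnsmasq's code): returns 0 if path is a
 * directory, otherwise an errno value and an error message in msg. */
int check_tftp_root(const char *path, char *msg, size_t len)
{
    struct stat st;

    if (stat(path, &st) != 0) {
        int err = errno;
        snprintf(msg, len, "TFTP root \"%s\": %s", path, strerror(err));
        return err;
    }
    if (!S_ISDIR(st.st_mode)) {
        snprintf(msg, len, "TFTP root \"%s\" is not a directory", path);
        return ENOTDIR;
    }
    /* Checked as the launching user only; this says nothing about
     * access once the daemon no longer runs as root. */
    msg[0] = '\0';
    return 0;
}

/* Structured arguments: the value is a single argv element, so spaces
 * and "--" inside it never become further options. Returns argc. */
int build_argv(const char *tftp_root, const char *argv[5])
{
    int n = 0;
    argv[n++] = "dnsmasq";
    argv[n++] = "--enable-tftp";
    argv[n++] = "--tftp-root";
    argv[n++] = tftp_root;
    argv[n] = NULL;
    return n;
}

int main(void)
{
    /* Constructed sample value in the shape the message describes. */
    const char *crafted = "/srv/tftp --constructed-option";
    const char *argv[5];
    char msg[256];
    int argc = build_argv(crafted, argv);

    printf("argc=%d argv[3]=[%s]\n", argc, argv[3]);
    if (check_tftp_root(argv[3], msg, sizeof msg) != 0)
        fprintf(stderr, "dnsmasq: %s\n", msg);
    return 0;
}
```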


