[Dnsmasq-discuss] [PATCH] Validate the tftp root directory option
veillard at redhat.com
Wed Jun 13 14:04:14 BST 2012
On Wed, Jun 13, 2012 at 01:49:02PM +0100, Simon Kelley wrote:
> On 12/06/12 16:30, Daniel Veillard wrote:
> > Whoops, sorry. Basically someone tweaked a libvirt XML to add
> > extra dnsmasq arguments within the tftproot field and though he had
> > a security hole. It isn't as libvirt will pass the value directly
> > as a structured arg to the dnsmasq process and all the 'attacker' got
> > was a very long tftproot argument with space and -- in it :-)
> > But the problem is that no error was reported so we would rather see
> > dnsmasq complain at launch time if the passed directory argument isn't
> > one, and that's what my patch tried to implement (so yes it's a bit
> > crude and doesn't try to cope with the fact that ultimately it won't run
> > as root).
> > Hope it makes sense in context :-)
> It does. I pushed an update to git which checks using opendir after priv
> drop. I hope it doesn't break any existing setups: seems unlikely and
> would be easy to fix.
Thanks Simon !
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the Dnsmasq-discuss