[Dnsmasq-discuss] Shellshock.

Matthias Andree matthias.andree at gmx.de
Sat Sep 27 13:01:48 BST 2014


On 27.09.2014 at 12:01, Roy Marples wrote:
> On Friday 26 Sep 2014 21:14:20 Simon Kelley wrote:
>> This is just a heads-up that if you're using the --dhcp-script option in
>> dnsmasq, and the script you're calling is being interpreted by bash,
>> then you're affected by the shellshock bug.
>>
>> The bug allows execution of arbitrary code contained in the values of
>> environment variables, and there are several variables in the
>> environment inherited by the DHCP script whose values can be set
>> directly by a DHCP client, so any DHCP client on your network (or
>> elsewhere, if your firewall allows) can execute arbitrary shellcode,
>> probably as root, with a simple DHCP request.
>>
>> The fix, of course, is to update bash.
> 
> What's your reason for not sanitising the variables?

This isn't dnsmasq's fault - what's bash's reason for parsing or
executing environment variables as though they were functions?
This is a stupid design decision.

Bash has a dozen other ways at hand to propagate information for those
cases where the cloned address space from fork() isn't enough. It only
needs to pick one and use it.
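
An audit sketch for the condition in Simon Kelley's heads-up above (a `dhcp-script` interpreted by bash), added here as an example and not taken from the thread or from dnsmasq. The function names are hypothetical; it assumes the config-file form `dhcp-script=/path` and a `readlink` that supports `-f`.

```shell
#!/bin/sh
# Added example: audit whether dnsmasq's dhcp-script is interpreted by bash.
# Assumes the config-file form "dhcp-script=/path" and a readlink with -f.

# Print every dhcp-script path set in the given dnsmasq config file.
dhcp_scripts() {
    sed -n 's/^[[:space:]]*dhcp-script[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//'
}

# Print the interpreter from a script's "#!" line ("env NAME" yields NAME).
script_interpreter() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in '#!'*) first=${first#??} ;; *) return 1 ;; esac
    read -r interp arg rest <<EOF
$first
EOF
    [ "${interp##*/}" = env ] && interp=$arg
    [ -n "$interp" ] && printf '%s\n' "$interp"
}

# Return 0 if the script runs under bash, 1 if not, 2 if it cannot be told.
# Symlinks are resolved, so "#!/bin/sh" counts when /bin/sh points at bash.
runs_under_bash() {
    interp=$(script_interpreter "$1") || return 2
    case $interp in
        */*) ;;
        *) interp=$(command -v "$interp") || return 2 ;;
    esac
    real=$(readlink -f "$interp") || return 2
    case ${real##*/} in bash|bash-*) return 0 ;; *) return 1 ;; esac
}

# Print "<script>: bash|not-bash|unknown" for each dhcp-script in the config.
audit_config() {
    dhcp_scripts "$1" | while IFS= read -r script; do
        rc=0; runs_under_bash "$script" || rc=$?
        case $rc in 0) v=bash ;; 1) v=not-bash ;; *) v=unknown ;; esac
        printf '%s: %s\n' "$script" "$v"
    done
}

# Usage: sh audit.sh /etc/dnsmasq.conf   (path is an example)
if [ $# -gt 0 ]; then audit_config "$1"; fi
```

A `bash` verdict only says the script is in scope of the heads-up; whether the installed bash has been updated has to be checked separately.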