[Dnsmasq-discuss] [PATCH] Validate the tftp root directory option

[Simon Kelley]

On 12/06/12 16:30, Daniel Veillard wrote:
>
>   Whoops, sorry. Basically someone tweaked a libvirt XML to add
> extra dnsmasq arguments within the tftproot field and though he had
> a security hole. It isn't as libvirt will pass the value directly
> as a structured arg to the dnsmasq process and all the 'attacker' got
> was a very long tftproot argument with space and -- in it :-)
>   But the problem is that no error was reported so we would rather see
> dnsmasq complain at launch time if the passed directory argument isn't
> one, and that's what my patch tried to implement (so yes it's a bit
> crude and doesn't try to cope with the fact that ultimately it won't run
> as root).
>   Hope it makes sense in context :-)

It does. I pushed an update to git which checks using opendir after priv
drop. I hope it doesn't break any existing setups: seems unlikely and
would be easy to fix.


Cheers,

Simon.