[Dnsmasq-discuss] [PATCH] Validate the tftp root directory option

Daniel Veillard veillard at redhat.com
Wed Jun 13 14:04:14 BST 2012


On Wed, Jun 13, 2012 at 01:49:02PM +0100, Simon Kelley wrote:
> On 12/06/12 16:30, Daniel Veillard wrote:
> >
> >   Whoops, sorry. Basically someone tweaked a libvirt XML to add
> > extra dnsmasq arguments within the tftproot field and though he had
> > a security hole. It isn't as libvirt will pass the value directly
> > as a structured arg to the dnsmasq process and all the 'attacker' got
> > was a very long tftproot argument with space and -- in it :-)
> >   But the problem is that no error was reported so we would rather see
> > dnsmasq complain at launch time if the passed directory argument isn't
> > one, and that's what my patch tried to implement (so yes it's a bit
> > crude and doesn't try to cope with the fact that ultimately it won't run
> > as root).
> >   Hope it makes sense in context :-)
> 
> It does. I pushed an update to git which checks using opendir after priv
> drop. I hope it doesn't break any existing setups: seems unlikely and
> would be easy to fix.

  Thanks Simon !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/



More information about the Dnsmasq-discuss mailing list