[Dnsmasq-discuss] failed to read symlink-files added by `list addnhosts '/etc/safe-search/enabled'`
Eric Fahlgren
ericfahlgren at gmail.com
Sat Nov 26 21:47:34 UTC 2022
Oho, that makes sense. 'ujail' sure is poorly documented, isn't it? I'm
just finding an old lwn.net article on it, and basically nothing on the
OpenWrt wiki or forum. Maybe ask over on OpenWrt, see if one of the devs
there can point us to better docs.
Also, maybe report this as a bug on the package? I looked at the source
(over 2 years since any updates) and it sure does assume that a simple
symlink will work.
On Sat, Nov 26, 2022 at 12:45 PM Gordon Shawn <capcoding at gmail.com> wrote:
> it has something to do with openwrt's ujail (seccomp) I believe, probably
> to avoid symlink attacks? i.e. file works, symlink does not work.
>
> On Sat, Nov 26, 2022 at 2:19 PM Eric Fahlgren <ericfahlgren at gmail.com>
> wrote:
>
>> I can't imagine that dnsmasq would even know that the file it was opening
>> was a symlink. I'd suspect ownership or permissions. The dnsmasq process
>> in OpenWrt is run as the 'dnsmasq' user, so maybe 'chown dnsmasq:dnsmasq
>> /etc/safe-search/enabled/*' or some variant would resolve your issue.
>>
>> On Fri, Nov 25, 2022 at 7:05 PM Gordon Shawn <capcoding at gmail.com> wrote:
>>
>>> On the newest openwrt I installed 'safe-search' which has a few files
>>> under /etc/safe-search/available/ and they're symlinked to
>>> /etc/safe-search/enable/ by choice.
>>>
>>> dnsmasq reports it failed to load those symlinks under enable/
>>>
>>> if I remove the symlinks, and copy the real files over from available/,
>>> dnsmasq read them all and works fine.
>>>
>>> can dnsmasq read addn-hosts files when they're symbolic links?
>>>
>>> Thanks,
>>> Gordon
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20221126/06883610/attachment.htm>
More information about the Dnsmasq-discuss
mailing list