[Dnsmasq-discuss] failed to read symlink-files added by `list addnhosts '/etc/safe-search/enabled'`

Mon Nov 28 22:13:13 UTC 2022

Looks like this issue was fixed today by Daniel Golle in OpenWrt:

https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=aa12a0fdd1c5a004281633c5b0758da1781bb41c

On Sat, Nov 26, 2022 at 2:46 PM Simon Kelley <simon at thekelleys.org.uk>
wrote:

> Does the openwrt config use --hostsdir to read all the files in a
> directory automatically when they change? The inotify code has explicit
> handling for the case that an argument to --hostdir is a symlink, so
> there's a chance that's botched somewhere.
>
> Note that's a symlink in the path to the directory. I just checked and
> symlinks to files contained in the directory 1) don't exercise that code
> and 2) work fine on my Ubuntu desktop.
>
>
> Cheers,
>
> Simon.
>
>
> On 26/11/2022 20:45, Gordon Shawn wrote:
> > it has something to do with openwrt's ujail (seccomp) I believe,
> > probably to avoid symlink attacks? i.e. file works, symlink does not
> work.
> >
> > On Sat, Nov 26, 2022 at 2:19 PM Eric Fahlgren <ericfahlgren at gmail.com
> > <mailto:ericfahlgren at gmail.com>> wrote:
> >
> >     I can't imagine that dnsmasq would even know that the file it was
> >     opening was a symlink.  I'd suspect ownership or permissions.  The
> >     dnsmasq process in OpenWrt is run as the 'dnsmasq' user, so maybe
> >     'chown dnsmasq:dnsmasq /etc/safe-search/enabled/*' or some variant
> >     would resolve your issue.
> >
> >     On Fri, Nov 25, 2022 at 7:05 PM Gordon Shawn <capcoding at gmail.com
> >     <mailto:capcoding at gmail.com>> wrote:
> >
> >         On the newest openwrt I installed 'safe-search' which has a few
> >         files under /etc/safe-search/available/ and they're symlinked to
> >         /etc/safe-search/enable/ by choice.
> >
> >         dnsmasq reports it failed to load those symlinks under enable/
> >
> >         if I remove the symlinks, and copy the real files over from
> >         available/, dnsmasq read them all and works fine.
> >
> >         can dnsmasq read addn-hosts files when they're symbolic links?
> >
> >         Thanks,
> >         Gordon
> >         _______________________________________________
> >         Dnsmasq-discuss mailing list
> >         Dnsmasq-discuss at lists.thekelleys.org.uk
> >         <mailto:Dnsmasq-discuss at lists.thekelleys.org.uk>
> >
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss <
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss>
> >
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20221128/b8e4952a/attachment.htm>