On 2014-09-29 20:17, Simon Kelley wrote:
On 27/09/14 11:01, Roy Marples wrote:
On Friday 26 Sep 2014 21:14:20 Simon Kelley wrote:
This is just a heads-up that if you're using the --dhcp-script option in
dnsmasq, and the script you're calling is being interpreted by bash,
then you're affected by the shellshock bug.

The bug allows execution of arbitrary code contained in the values of
environment variables, and there are several variables in the
environment inherited by the DHCP script whose values can be set
directly by a DHCP client, so any DHCP client on your network (or
elsewhere, if your firewall allows) can execute arbitrary shellcode,
probably as root, with a simple DHCP request.

The fix, of course, is to update bash.

What's your reason for not sanitising the variables?

I just released dhcpcd-6.4.7 which fixes this exact issue. I changed from using my custom sanitiser to svis(3) with VIS_CSTYLE | VIS_OCTAL and the output can be decoded using unvis(1).
Oddly enough this encoding matches the style dhcpcd was using previously which is a nice win for me.

In the cold light of day after shellshock I've come to the conclusion that you're right and I'm wrong. Admittedly I was swayed by a SUSE security report which dealt with badly quoted shell scripts which addressed the issue by introducing some sanitisation into dhcpcd and I went from there.

Now, dhcpcd just sanitises according to the option encoding. So as most string options specify ASCII NVT dhcpcd will ensure that's what you get, stopping at the first invalid or non-printable character. There are other encoding types such as domain, ascii, raw and binhex which will satisfy everything hopefully.
No more shell sanitising!

Roy
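
A sketch of sanitising by option encoding as described in the message above, added here as an example; it is not dhcpcd's code and not part of the original thread. The `opt_enc` tags and `sanitise_option` are hypothetical names, "printable" is assumed to mean bytes 0x20 to 0x7e, and the sample value is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical encoding tags; the names are not dhcpcd's. */
enum opt_enc { ENC_STRING, ENC_BINHEX };

/*
 * ENC_STRING: keep printable ASCII, stop at the first other byte.
 * ENC_BINHEX: emit every byte as two lowercase hex digits.
 * Returns characters written (excluding NUL), or -1 if out is too small.
 */
int sanitise_option(enum opt_enc enc, const unsigned char *data, size_t len,
                    char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t i, n = 0;

    if (outlen == 0)
        return -1;
    for (i = 0; i < len; i++) {
        if (enc == ENC_STRING) {
            if (data[i] < 0x20 || data[i] > 0x7e)
                break;              /* truncate here, no shell escaping */
            if (n + 1 >= outlen)
                return -1;
            out[n++] = (char)data[i];
        } else {
            if (n + 2 >= outlen)
                return -1;
            out[n++] = hex[data[i] >> 4];
            out[n++] = hex[data[i] & 0x0f];
        }
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample: a hostname option with an embedded ESC byte. */
    const unsigned char host[] = "printer-3\x1b[2Jextra";
    char buf[64];

    sanitise_option(ENC_STRING, host, sizeof(host) - 1, buf, sizeof(buf));
    printf("string: %s\n", buf);   /* value truncated at the ESC byte */
    sanitise_option(ENC_BINHEX, host, 4, buf, sizeof(buf));
    printf("binhex: %s\n", buf);   /* first four bytes as hex */
    return 0;
}
```

Printable shell metacharacters pass through the string encoding unchanged, so a script consuming these values still has to quote its variables.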
