[klibc] [PATCH] Escape DHCP options written to /tmp/net-$DEVICE.conf

maximilian attems max at stro.at
Thu Apr 21 07:05:28 PDT 2011


Thanks for the patch.

On Fri, 15 Apr 2011, Ulrich Dangel wrote:

> DHCP options like domain-name or hostname are written to
> /tmp/net-$DEVICE.conf which is typically later used by other scripts to
> determine the network configuration. This is done by sourcing the
> /tmp/net-$DEVICE.conf file to get all defined variables.
> 
> This patch escapes the DHCP options written to /tmp/net-$DEVICE.conf
> to prevent arbitrary code execution.

"There is actually a much better way to escape shell variables, a trick I
learned from git: Always start with a single quote ('), then leave all
characters except ' and ! unchanged.  For those two characters, emit the
sequence '\'' or '\!', including the single quotes." -hpa

 
> Signed-off-by: Ulrich Dangel <uli at spamt.net>
> ---
>  usr/kinit/ipconfig/main.c |   55 +++++++++++++++++++++++++++++++-------------
>  1 files changed, 39 insertions(+), 16 deletions(-)

Do you care to respin?

-- 
maks
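
The quoting rule quoted from hpa above, written out in C as an added example; it is not part of this message or of the klibc patch. The function name shell_quote, the closing quote at the end of the string, the sample option value and the variable name EXAMPLE_DOMAIN are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Single-quote `in` for a POSIX shell using the rule quoted above: open
 * with ', copy every byte unchanged except ' and !, and for those two emit
 * '\'' or '\!' (close the quote, backslash-escape the byte, reopen).
 * Assumption: the string is closed with a final ', as git's sq_quote_buf does.
 * Returns the quoted length, or -1 if out[outsz] is too small.
 */
static int shell_quote(const char *in, char *out, size_t outsz)
{
	size_t n = 0;

	if (outsz < 3)		/* smallest result is '' plus NUL */
		return -1;
	out[n++] = '\'';
	for (; *in; in++) {
		int special = strchr("'!", *in) != NULL;

		/* always keep room for the closing ' and the NUL */
		if (n + (special ? 4 : 1) + 2 > outsz)
			return -1;
		if (special) {
			out[n++] = '\'';
			out[n++] = '\\';
		}
		out[n++] = *in;
		if (special)
			out[n++] = '\'';
	}
	out[n++] = '\'';
	out[n] = '\0';
	return (int)n;
}

int main(void)
{
	/* Constructed sample: a hostile DHCP domain-name option value. */
	const char *opt = "lan'; echo injected; !x $(id)";
	char q[128];

	if (shell_quote(opt, q, sizeof(q)) < 0)
		return 1;
	/* EXAMPLE_DOMAIN is a made-up variable name for illustration. */
	printf("EXAMPLE_DOMAIN=%s\n", q);
	return 0;
}
```

A script that sources the printed line gets the option value as a literal string; the embedded quote, semicolons and $(id) are never evaluated.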


