[klibc] [PATCH] Escape DHCP options written to /tmp/net-$DEVICE.conf
max at stro.at
Thu Apr 21 07:05:28 PDT 2011
Thanks for the patch.
On Fri, 15 Apr 2011, Ulrich Dangel wrote:
> DHCP options like domain-name or hostname are written to
> /tmp/net-$DEVICE.conf which is typically later used by other scripts to
> determine the network configuration. This is done by sourcing the
> /tmp/net-$DEVICE.conf file to get all defined variables.
> This patch escapes the DHCP options written to /tmp/net-$DEVICE.conf
> to prevent arbitrary code execution.
"There is actually a much better way to escape shell variables, a trick I
learned from git: Always start with a single quote ('), then leave all
characters except ' and ! unchanged. For those two characters, emit the
sequence '\'' or '\!' Including the single quotes" -hpa
> Signed-off-by: Ulrich Dangel <uli at spamt.net>
> usr/kinit/ipconfig/main.c | 55 +++++++++++++++++++++++++++++++-------------
> 1 files changed, 39 insertions(+), 16 deletions(-)
Do you care to respin?
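
The single-quote rule quoted above, as an added C example that is not part of the patch or of this message. The function name `sq_quote`, the buffer size, the sample value and the variable name `DNSDOMAIN` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Single-quote src for a POSIX shell, as the quoted advice describes:
 * open with ', copy everything except ' and ! unchanged, and emit
 * '\'' or '\!' for those two. Returns the length written (without NUL),
 * or -1 if dst is too small; the value is never truncated silently. */
int sq_quote(const char *src, char *dst, size_t dstlen)
{
	size_t n = 0;

	if (dstlen < 3)		/* room for '' plus NUL */
		return -1;
	dst[n++] = '\'';
	for (; *src; src++) {
		int special = (*src == '\'' || *src == '!');
		size_t need = special ? 4 : 1;

		/* always keep 2 bytes back for the closing quote and NUL */
		if (n + need + 2 > dstlen)
			return -1;
		if (special) {
			dst[n++] = '\'';	/* close the quoted run */
			dst[n++] = '\\';	/* backslash-escape the char */
		}
		dst[n++] = *src;
		if (special)
			dst[n++] = '\'';	/* reopen the quoted run */
	}
	dst[n++] = '\'';
	dst[n] = '\0';
	return (int)n;
}

int main(void)
{
	/* Constructed sample: a hostile domain-name value from a DHCP reply. */
	const char *value = "host'$(echo injected)!";
	char buf[128];

	if (sq_quote(value, buf, sizeof(buf)) < 0)
		return 1;
	/* DNSDOMAIN is an illustrative variable name, not taken from the page. */
	printf("DNSDOMAIN=%s\n", buf);
	return 0;
}
```

A script that sources the resulting line gets the value back as literal text, because nothing inside single quotes is expanded by the shell.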