Simon Kelley wrote:
The fact that stop-dns-rebind blocks 127.0.0.0 is bit of
a coincidence, which comes from the fact that it uses the same
address-checking code as --bogus-priv. My understanding of the rebind
attack is that it can't be done via 127.0.0.1: That might get you
a backdoor into
Simon,
Thanks for the response.
I do not have --tftp-secure.
But I do launch with
sudo /etc/rc.d/initd/dnsmasq
So it seems that it will be run by root.
Therefore I need world readable permission on my bootrom.pxe.0.
I thought I had that!
---
/home/Steve/Shared/workspace/xxx/xxx/
Am 14.05.2010 16:08, schrieb Simon Kelley:
Different versions of dnsmasq? I only looked at the latest code to see
how it would behave with repeated IP addresses, older code may break
differently
dnsmasq -v prints the same Version 2.52 *strange*
Hallo, Steve,
Du meintest am 15.05.10:
But I do launch with
sudo /etc/rc.d/initd/dnsmasq
So it seems that it will be run by root.
Therefore I need world readable permission on my bootrom.pxe.0.
I thought I had that!
---
/home/Steve/Shared/workspace/xxx/xxx/
-rwxrwxr-x. 1
Steve Elliott wrote:
Simon,
Thanks for the response.
I do not have --tftp-secure.
But I do launch with
sudo /etc/rc.d/initd/dnsmasq
So it seems that it will be run by root.
No, it will be running as non-privileged user, nobody or dnsmasq
unless you have user=root somewhere.
Try su
clemens fischer wrote:
Hi Simon, did you intend to send this privately? The dnsmasq list was
not Cc'ed.
Simon Kelley:
clemens fischer wrote:
Simon Kelley wrote:
The fact that stop-dns-rebind blocks 127.0.0.0 is bit of a
coincidence, which comes from the fact that it uses the same
Simon Kelley wrote:
clemens fischer wrote:
To me your changes from test25..test27 were quite adequate by using
the bogus-priv checks. Rob said he wants his VPN remotes to resolve.
I can imagine he just enters the remotes as rebind-domain-ok domains
and be happy.
I think so too, but it
