On Fri, Sep 26, 2014 at 5:52 PM, Edward Ned Harvey (lopser) <
lop...@nedharvey.com> wrote:

> If the dhcp client behaves as Paul suggested it might - which is to say,
> stupidly accepting unsanitized ENV variables from a DHCP server


I'd like to make one more point here: neither dhclient nor dhclient-script
is buggy or incorrect here. Both understand that they are processing
potentially untrusted input and both handle it reasonably well on their own
parts. Neither should be responsible for the fact that *bash* is processing
said untrusted input in its own completely unrelated and particularly
stupid way. It is not dhclient and not dhclient-script that is blindly
trusting the data here, but bash --- and I imagine ISC was as horrified as
everyone else when they found out that the shell, something that is
implicitly trusted by most programs as a core part of a Unix system, is
doing something it has absolutely no business whatsoever doing.

If you are required to assume that the shell is going to do something
completely and utterly stupid, your only option is to encode every
environment string, every command line argument, everything else that goes
through or might possibly go through the shell, in something like base64 or
uuencode or maybe by encrypting it. Is this a world we want to live in?

-- 
brandon s allbery kf8nh                               sine nomine associates
allber...@gmail.com                                  ballb...@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
