Bug #45874 for dhcp-public: DHCP Client 4.3.5 - dhclient-script executes dhclient-{enter,exit}-hooks when it should not

Bug Report from www.isc.org: Name: Timo Sigurdsson Email: public_timo.s@silentcreek.de Software Version: DHCP Client 4.3.5 OS: Debian 9 Subject:dhclient-script executes dhclient-{enter,exit}-hooks when it should not Bug Detail =========== Hi, I encountered a bug in ISC DHCP Client 4.3.5 on Debian 9 and reported it to the Debian project [1]. However, since the same code is still in the current dhcp.git master branch, hence I'm reporting the bug here as well. The issue is that dhclient-script does not honor the executability flag of either /etc/dhcp/dhclient-{enter,exit}-hooks or files inside the directories /etc/dhcp/dhclient-{enter,exit}-hooks.d/ and will execute even non-executable files by sourcing them. This is not supposed to happen according to the dhclient-script man page. Quote from the man page: "[dhclient-script] checks for the presence of an executable /etc/dhcp/dhclient-enter-hooks script, which if present is invoked using the '.' command." The passage on the exit-hooks reads likewise. However, dhclient-script does not actually check the executability of any of these files. The run-hook function in dhclient-script only checks whether the argument is a file and then sources it, see lines 136-137 of dhclient-script in current master: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=blob;f=client/scripts/linux;h=5fb16121f0059fd0ce33142c870ef5566966411a;hb=refs/heads/master#l136 In addition, the run-hookdir function also iterates over files that are not executable, see line 154 in the same file: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=blob;f=client/scripts/linux;h=5fb16121f0059fd0ce33142c870ef5566966411a;hb=refs/heads/master#l154 The problem here is the list switch of run-parts. Quote from the run-parts man page: --list print the names of the all matching files (not limited to executables), but don't actually run them. It would be better to use the --test switch here instead which will only print the names of executable files in the folder without actually running them. Thus, a fix should be rather trivial to get dhclient-script to actually invoke executables only. Regards, Timo [1] Debian Bug Report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873133 --- This email was received through isc.org Bug Submission Form

Hello Timo: Thank you for bringing the matter to our attention. We're looking at final cuts for what will go into our next release, 4.4.0, tentatively due out January 2018. The plate is pretty full at this point. You are correct in that the (debian) dhclient-script does not require the files to be run to have the executable flag set while the man page could be leave one with that impression. We are typically loath to change long standing behavior that might break installations unexpectedly so whether we alter the script or clarify the man page will have to be determined. We certainly want our software to operate are users expect. As a small, non-profit we have to allocate our resources carefully and oil the wheels that are squeakiest. Regardless of what we do with your issue, we will keep you posted. Again, we appreciate you taking the time to report the issue and for suggesting a solution too. Regards, Thomas Markwalder ISC Software Engineering