Bug Report from www.isc.org: Name: Timo Sigurdsson Email: public_timo.s@silentcreek.de Software Version: DHCP Client 4.3.5 OS: Debian 9 Subject:dhclient-script executes dhclient-{enter,exit}-hooks when it should not Bug Detail =========== Hi, I encountered a bug in ISC DHCP Client 4.3.5 on Debian 9 and reported it to the Debian project [1]. However, since the same code is still in the current dhcp.git master branch, hence I'm reporting the bug here as well. The issue is that dhclient-script does not honor the executability flag of either /etc/dhcp/dhclient-{enter,exit}-hooks or files inside the directories /etc/dhcp/dhclient-{enter,exit}-hooks.d/ and will execute even non-executable files by sourcing them. This is not supposed to happen according to the dhclient-script man page. Quote from the man page: "[dhclient-script] checks for the presence of an executable /etc/dhcp/dhclient-enter-hooks script, which if present is invoked using the '.' command." The passage on the exit-hooks reads likewise. However, dhclient-script does not actually check the executability of any of these files. The run-hook function in dhclient-script only checks whether the argument is a file and then sources it, see lines 136-137 of dhclient-script in current master: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=blob;f=client/scripts/linux;h=5fb16121f0059fd0ce33142c870ef5566966411a;hb=refs/heads/master#l136 In addition, the run-hookdir function also iterates over files that are not executable, see line 154 in the same file: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=blob;f=client/scripts/linux;h=5fb16121f0059fd0ce33142c870ef5566966411a;hb=refs/heads/master#l154 The problem here is the list switch of run-parts. Quote from the run-parts man page: --list print the names of the all matching files (not limited to executables), but don't actually run them. It would be better to use the --test switch here instead which will only print the names of executable files in the folder without actually running them. Thus, a fix should be rather trivial to get dhclient-script to actually invoke executables only. Regards, Timo [1] Debian Bug Report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873133 --- This email was received through isc.org Bug Submission Form