X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org MIME-Version: 1.0 Return-Path: Delivered-To: dhcp-confidential@bugs.isc.org From www@isc.org Mon Aug 28 10:06:44 2017 X-Original-To: dhcp-confidential@bugs.isc.org Message-ID: X-RT-Incoming-Encryption: Not encrypted content-type: text/plain; charset="utf-8" X-PHP-Originating-Script: 20001:class-phpmailer.php Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id C434ED78AF0 for ; Mon, 28 Aug 2017 10:06:44 +0000 (UTC) Received: from iscwebprod.isc.org (iscwebprod.isc.org [IPv6:2001:4f8:1:d::16]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 2440734A956 for ; Mon, 28 Aug 2017 10:06:42 +0000 (UTC) Received: from www (uid 80) (envelope-from www@iscwebprod.isc.org) id 7b7d08 by iscwebprod.isc.org (DragonFly Mail Agent v0.11); Mon, 28 Aug 2017 10:06:41 +0000 Date: Mon, 28 Aug 2017 10:06:41 +0000 X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer) To: dhcp-bugs@isc.org From: "Timo Sigurdsson" Subject: DHCP Client 4.3.5 - dhclient-script executes dhclient-{enter,exit}-hooks when it should not X-RT-Original-Encoding: utf-8 X-RT-Interface: Email Content-Length: 2308 Bug Report from www.isc.org: Name: Timo Sigurdsson Email: public_timo.s@silentcreek.de Software Version: DHCP Client 4.3.5 OS: Debian 9 Subject:dhclient-script executes dhclient-{enter,exit}-hooks when it should not Bug Detail =========== Hi, I encountered a bug in ISC DHCP Client 4.3.5 on Debian 9 and reported it to the Debian project [1]. However, since the same code is still in the current dhcp.git master branch, hence I'm reporting the bug here as well. The issue is that dhclient-script does not honor the executability flag of either /etc/dhcp/dhclient-{enter,exit}-hooks or files inside the directories /etc/dhcp/dhclient-{enter,exit}-hooks.d/ and will execute even non-executable files by sourcing them. This is not supposed to happen according to the dhclient-script man page. Quote from the man page: "[dhclient-script] checks for the presence of an executable /etc/dhcp/dhclient-enter-hooks script, which if present is invoked using the '.' command." The passage on the exit-hooks reads likewise. However, dhclient-script does not actually check the executability of any of these files. The run-hook function in dhclient-script only checks whether the argument is a file and then sources it, see lines 136-137 of dhclient-script in current master: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=blob;f=client/scripts/linux;h=5fb16121f0059fd0ce33142c870ef5566966411a;hb=refs/heads/master#l136 In addition, the run-hookdir function also iterates over files that are not executable, see line 154 in the same file: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=blob;f=client/scripts/linux;h=5fb16121f0059fd0ce33142c870ef5566966411a;hb=refs/heads/master#l154 The problem here is the list switch of run-parts. Quote from the run-parts man page: --list print the names of the all matching files (not limited to executables), but don't actually run them. It would be better to use the --test switch here instead which will only print the names of executable files in the folder without actually running them. Thus, a fix should be rather trivial to get dhclient-script to actually invoke executables only. Regards, Timo [1] Debian Bug Report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873133 --- This email was received through isc.org Bug Submission Form