* [PATCH] Add RES_OPTIONS support for resolv.conf options overriding
@ 2017-04-25 2:21 Stefan Sedich
2017-04-25 2:39 ` Rich Felker
0 siblings, 1 reply; 5+ messages in thread
From: Stefan Sedich @ 2017-04-25 2:21 UTC (permalink / raw)
To: musl; +Cc: Stefan Sedich
Currently glibc supports using the RES_OPTIONS environment variable
to customize the resolv.conf options on a per-process basis, this
adds the same support to musl
---
src/network/resolvconf.c | 48 ++++++++++++++++++++++++++++++------------------
1 file changed, 30 insertions(+), 18 deletions(-)
diff --git a/src/network/resolvconf.c b/src/network/resolvconf.c
index 4c3e4c4b..c759ff61 100644
--- a/src/network/resolvconf.c
+++ b/src/network/resolvconf.c
@@ -5,6 +5,30 @@
#include <string.h>
#include <netinet/in.h>
+void __parse_resolv_opts(struct resolvconf *conf, char *opts)
+{
+ char *p, *z;
+
+ p = strstr(opts, "ndots:");
+ if (p && isdigit(p[6])) {
+ p += 6;
+ unsigned long x = strtoul(p, &z, 10);
+ if (z != p) conf->ndots = x > 15 ? 15 : x;
+ }
+ p = strstr(opts, "attempts:");
+ if (p && isdigit(p[9])) {
+ p += 9;
+ unsigned long x = strtoul(p, &z, 10);
+ if (z != p) conf->attempts = x > 10 ? 10 : x;
+ }
+ p = strstr(opts, "timeout:");
+ if (p && (isdigit(p[8]) || p[8]=='.')) {
+ p += 8;
+ unsigned long x = strtoul(p, &z, 10);
+ if (z != p) conf->timeout = x > 60 ? 60 : x;
+ }
+}
+
int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
{
char line[256];
@@ -38,24 +62,7 @@ int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
continue;
}
if (!strncmp(line, "options", 7) && isspace(line[7])) {
- p = strstr(line, "ndots:");
- if (p && isdigit(p[6])) {
- p += 6;
- unsigned long x = strtoul(p, &z, 10);
- if (z != p) conf->ndots = x > 15 ? 15 : x;
- }
- p = strstr(line, "attempts:");
- if (p && isdigit(p[9])) {
- p += 9;
- unsigned long x = strtoul(p, &z, 10);
- if (z != p) conf->attempts = x > 10 ? 10 : x;
- }
- p = strstr(line, "timeout:");
- if (p && (isdigit(p[8]) || p[8]=='.')) {
- p += 8;
- unsigned long x = strtoul(p, &z, 10);
- if (z != p) conf->timeout = x > 60 ? 60 : x;
- }
+ __parse_resolv_opts(conf, line);
continue;
}
if (!strncmp(line, "nameserver", 10) && isspace(line[10])) {
@@ -79,6 +86,11 @@ int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
memcpy(search, p, l+1);
}
+ char *res_opts_env;
+ if ((res_opts_env = getenv("RES_OPTIONS")) != NULL) {
+ __parse_resolv_opts(conf, res_opts_env);
+ }
+
__fclose_ca(f);
no_resolv_conf:
--
2.11.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Add RES_OPTIONS support for resolv.conf options overriding
2017-04-25 2:21 [PATCH] Add RES_OPTIONS support for resolv.conf options overriding Stefan Sedich
@ 2017-04-25 2:39 ` Rich Felker
2017-04-25 2:50 ` Kurt H Maier
0 siblings, 1 reply; 5+ messages in thread
From: Rich Felker @ 2017-04-25 2:39 UTC (permalink / raw)
To: musl
On Mon, Apr 24, 2017 at 07:21:22PM -0700, Stefan Sedich wrote:
> Currently glibc supports using the RES_OPTIONS environment variable
> to customize the resolv.conf options on a per-process basis, this
> adds the same support to musl
> ---
> src/network/resolvconf.c | 48 ++++++++++++++++++++++++++++++------------------
> 1 file changed, 30 insertions(+), 18 deletions(-)
>
> diff --git a/src/network/resolvconf.c b/src/network/resolvconf.c
> index 4c3e4c4b..c759ff61 100644
> --- a/src/network/resolvconf.c
> +++ b/src/network/resolvconf.c
> @@ -5,6 +5,30 @@
> #include <string.h>
> #include <netinet/in.h>
>
> +void __parse_resolv_opts(struct resolvconf *conf, char *opts)
> +{
> + char *p, *z;
> +
> + p = strstr(opts, "ndots:");
> + if (p && isdigit(p[6])) {
> + p += 6;
> + unsigned long x = strtoul(p, &z, 10);
> + if (z != p) conf->ndots = x > 15 ? 15 : x;
> + }
> + p = strstr(opts, "attempts:");
> + if (p && isdigit(p[9])) {
> + p += 9;
> + unsigned long x = strtoul(p, &z, 10);
> + if (z != p) conf->attempts = x > 10 ? 10 : x;
> + }
> + p = strstr(opts, "timeout:");
> + if (p && (isdigit(p[8]) || p[8]=='.')) {
> + p += 8;
> + unsigned long x = strtoul(p, &z, 10);
> + if (z != p) conf->timeout = x > 60 ? 60 : x;
> + }
> +}
> +
> int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
> {
> char line[256];
> @@ -38,24 +62,7 @@ int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
> continue;
> }
> if (!strncmp(line, "options", 7) && isspace(line[7])) {
> - p = strstr(line, "ndots:");
> - if (p && isdigit(p[6])) {
> - p += 6;
> - unsigned long x = strtoul(p, &z, 10);
> - if (z != p) conf->ndots = x > 15 ? 15 : x;
> - }
> - p = strstr(line, "attempts:");
> - if (p && isdigit(p[9])) {
> - p += 9;
> - unsigned long x = strtoul(p, &z, 10);
> - if (z != p) conf->attempts = x > 10 ? 10 : x;
> - }
> - p = strstr(line, "timeout:");
> - if (p && (isdigit(p[8]) || p[8]=='.')) {
> - p += 8;
> - unsigned long x = strtoul(p, &z, 10);
> - if (z != p) conf->timeout = x > 60 ? 60 : x;
> - }
> + __parse_resolv_opts(conf, line);
> continue;
> }
> if (!strncmp(line, "nameserver", 10) && isspace(line[10])) {
> @@ -79,6 +86,11 @@ int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
> memcpy(search, p, l+1);
> }
>
> + char *res_opts_env;
> + if ((res_opts_env = getenv("RES_OPTIONS")) != NULL) {
> + __parse_resolv_opts(conf, res_opts_env);
> + }
> +
> __fclose_ca(f);
>
> no_resolv_conf:
> --
> 2.11.0
At the very least, this needs to be suppressed for suid and suid-like
processes. But otherwise it's probably okay.
What I'd really like is a way for users to override nameserver and
search directives (so pretty much, all of resolv.conf) in a way that
doesn't need root; this would be really valuable for testing. But
sadly there's no precedent for an interface to do so. Maybe it's
something we could work on a unified solution to with other
implementations (glibc, bsds?).
Rich
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Add RES_OPTIONS support for resolv.conf options overriding
2017-04-25 2:39 ` Rich Felker
@ 2017-04-25 2:50 ` Kurt H Maier
2017-04-25 4:30 ` Stefan Sedich
0 siblings, 1 reply; 5+ messages in thread
From: Kurt H Maier @ 2017-04-25 2:50 UTC (permalink / raw)
To: musl
On Mon, Apr 24, 2017 at 10:39:34PM -0400, Rich Felker wrote:
>
> What I'd really like is a way for users to override nameserver and
> search directives (so pretty much, all of resolv.conf) in a way that
> doesn't need root; this would be really valuable for testing. But
> sadly there's no precedent for an interface to do so. Maybe it's
> something we could work on a unified solution to with other
> implementations (glibc, bsds?).
>
> Rich
FreeBSD and OpenBSD both currently support RES_OPTIONS (and LOCALDOMAIN
for overriding the search directive) but I don't think they support
overriding the nameserver directive. There's just the HOSTALIASES
variable for pointing to a file full of 'alias hostname' pairs.
khm
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Add RES_OPTIONS support for resolv.conf options overriding
2017-04-25 2:50 ` Kurt H Maier
@ 2017-04-25 4:30 ` Stefan Sedich
2017-04-25 16:48 ` Rich Felker
0 siblings, 1 reply; 5+ messages in thread
From: Stefan Sedich @ 2017-04-25 4:30 UTC (permalink / raw)
To: musl
[-- Attachment #1: Type: text/plain, Size: 1087 bytes --]
Rich,
I will make the change, but so I understand some more what would be the
implications of not ignoring it in this scenario? I understand why it is
bad in the case of the load paths for example but just want to understand
the issue in this context.
- Stefan
On Mon, Apr 24, 2017 at 7:50 PM Kurt H Maier <khm@sdf.org> wrote:
> On Mon, Apr 24, 2017 at 10:39:34PM -0400, Rich Felker wrote:
> >
> > What I'd really like is a way for users to override nameserver and
> > search directives (so pretty much, all of resolv.conf) in a way that
> > doesn't need root; this would be really valuable for testing. But
> > sadly there's no precedent for an interface to do so. Maybe it's
> > something we could work on a unified solution to with other
> > implementations (glibc, bsds?).
> >
> > Rich
>
> FreeBSD and OpenBSD both currently support RES_OPTIONS (and LOCALDOMAIN
> for overriding the search directive) but I don't think they support
> overriding the nameserver directive. There's just the HOSTALIASES
> variable for pointing to a file full of 'alias hostname' pairs.
>
> khm
>
[-- Attachment #2: Type: text/html, Size: 1507 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Add RES_OPTIONS support for resolv.conf options overriding
2017-04-25 4:30 ` Stefan Sedich
@ 2017-04-25 16:48 ` Rich Felker
0 siblings, 0 replies; 5+ messages in thread
From: Rich Felker @ 2017-04-25 16:48 UTC (permalink / raw)
To: musl
On Tue, Apr 25, 2017 at 04:30:58AM +0000, Stefan Sedich wrote:
> Rich,
>
> I will make the change, but so I understand some more what would be the
> implications of not ignoring it in this scenario? I understand why it is
> bad in the case of the load paths for example but just want to understand
> the issue in this context.
Primarily it's just a general principle of safety. A few specific
attacks I can think of here, though:
1. By manipulating ndots, you could cause a privileged process to
lookup the wrong domain.
2. By controlling timeout and retries, you could widen the window for
dns spoofing attacks.
Neither of these should lead to privilege-elevation if proper
authentication is used (dns alone is not sufficient to authenticate a
server to a client without dnssec), but lots of stuff is not written
to be safe...
BTW, please reply inline/below on lists rather than top-posting.
Rich
> On Mon, Apr 24, 2017 at 7:50 PM Kurt H Maier <khm@sdf.org> wrote:
>
> > On Mon, Apr 24, 2017 at 10:39:34PM -0400, Rich Felker wrote:
> > >
> > > What I'd really like is a way for users to override nameserver and
> > > search directives (so pretty much, all of resolv.conf) in a way that
> > > doesn't need root; this would be really valuable for testing. But
> > > sadly there's no precedent for an interface to do so. Maybe it's
> > > something we could work on a unified solution to with other
> > > implementations (glibc, bsds?).
> > >
> > > Rich
> >
> > FreeBSD and OpenBSD both currently support RES_OPTIONS (and LOCALDOMAIN
> > for overriding the search directive) but I don't think they support
> > overriding the nameserver directive. There's just the HOSTALIASES
> > variable for pointing to a file full of 'alias hostname' pairs.
> >
> > khm
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-04-25 16:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-25 2:21 [PATCH] Add RES_OPTIONS support for resolv.conf options overriding Stefan Sedich
2017-04-25 2:39 ` Rich Felker
2017-04-25 2:50 ` Kurt H Maier
2017-04-25 4:30 ` Stefan Sedich
2017-04-25 16:48 ` Rich Felker
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).