guarantee RFC standardized hostname
Simon Hobson
dhcp1 at thehobsons.co.uk
Thu Aug 25 07:21:03 UTC 2011
Ted Lemon wrote:
>>I'm assuming that you don't have any kind of pre-existing records
>>for these hosts? We track all hosts here, and force a hostname to
>>be defined at registration time, with all of the usual validity and
>>uniqueness checks. We then feed this data into our dhcp
>>configuration files, and all client supplied ddns hostname values
>>are summarily ignored.
>What's the threat model here?
Basically the same sort of threat as SQL injection has on SQL based
systems. If **any** bit of code in the chain fails to sanitise/handle
abnormal input then there's a vector for problems (whether innocent
or malicious).
In this case, there's one very common one already mentioned. How many
times have you seen code break when fed a value with an embedded
space ? I've seen it plenty of times.
If you knew (for example) that the value went through a Bash script,
then you might try "somevalue<space>;rm -rf /" as your input. If the
code hasn't handled the space properly then there's scope for your
system to die a mysterious death.
I know ISC's DHCP and BIND aren't written in Bash, but the same
principal applies - don't assume everything downstream can handle
garbage !
In the past I has a nice one where a print server box padded out the
hostname to 8 characters with nulls - took me a while to figure out
some rather oddball DNS update errors. Hint, what's a string
terminator in "C" ?
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
More information about the dhcp-users
mailing list