On Mon, 27 Oct 2025 at 19:26:47 -0700, [email protected] wrote:
> On Mon, Oct 27, 2025 at 09:37:03PM -0400, Demi Marie Obenour wrote:
>> I suspect that OPNsense generates dnsmasq and Unbound
>> configuration files from data provided in the web UI.
>
> And OpenWRT. Definitely. Not sure how much validation there is.

The OpenWRT web UI can also execute arbitrary code (most obviously via System -> Startup -> Local Startup which directly edits /etc/rc.local), so an authenticated user of the OpenWRT web UI is already on the secure/trusted side of the airtight hatchway, and it isn't a vulnerability if they can also execute arbitrary code in some more convoluted way than just writing it into /etc/rc.local.

    smcv
