On Fri, Sep 26, 2014 at 5:54 PM, Brandon Allbery <[email protected]>
wrote:

> man 8 dhclient-script


And for those without ready access for some reason:

>      When dhclient(8) needs to invoke the client configuration script, it sets
>      up a number of environment variables and runs dhclient-script.  In all
>      cases, $reason is set to the name of the reason why the script has been
>      invoked.  The following reasons are currently defined: MEDIUM, PREINIT,
>      ARPCHECK, ARPSEND, BOUND, RENEW, REBIND, REBOOT, EXPIRE, FAIL and
>      TIMEOUT.
>
> (...)
>
>      BOUND     The DHCP client has done an initial binding to a new address.
>                The new IP address is passed in $new_ip_address, and the
>                interface name is passed in $interface.  The media type is
>                passed in $medium.  Any options acquired from the server are
>                passed using the option name described in dhcp-options(5),
>                except that dashes (`-') are replaced by underscores (`_') in
>                order to make valid shell variables, and the variable names
>                start with ``new_''.  So for example, the new subnet mask would
>                be passed in $new_subnet_mask.


Note that the only sanitization is done to the option *name*; the value is
passed through unmodified. Which leads us to
https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/
(demonstrated using dhcpcd, which uses a similar mechanism to dhclient).

-- 
brandon s allbery kf8nh                               sine nomine associates
[email protected]                                  [email protected]
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
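The following is an added example, not part of the original message and not code from dhclient or dhcpcd. It reproduces the name mapping the man page excerpt describes and adds the value check that the message notes is missing, so a server-supplied value reaches the environment only if it passes an allowlist. The helper names, the allowlist itself and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; hypothetical helpers, not dhclient or dhcpcd code.

# Name mapping the man page describes: dashes become underscores and the
# variable name gets the "new_" prefix.
opt_to_var() {
    printf 'new_%s\n' "$(printf '%s' "$1" | tr '-' '_')"
}

# Assumed allowlist for option values: letters, digits, and . : , _ / - space.
# Runs in a subshell so the LC_ALL change (byte-wise ranges) stays local.
value_is_safe() (
    LC_ALL=C
    case "$1" in
        '' | *[!A-Za-z0-9.:,_/\ -]*) exit 1 ;;
    esac
    exit 0
)

# export_option NAME VALUE: export only when both the derived variable name
# and the value pass validation; otherwise log and leave the variable unset.
export_option() {
    var=$(opt_to_var "$1")
    case "$var" in
        *[!A-Za-z0-9_]*)
            printf 'rejected option name: %s\n' "$1" >&2
            return 1 ;;
    esac
    if value_is_safe "$2"; then
        export "$var=$2"
        return 0
    fi
    printf 'rejected %s: value has characters outside the allowlist\n' "$var" >&2
    return 1
}

# Constructed sample values, not captured from a real DHCP exchange.
export_option subnet-mask '255.255.255.0' || :
export_option domain-name 'example.org;{}()' || :
```

A real hook would need a per-option allowlist, since some options legitimately carry characters this one rejects.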
