resolver-conf: DNS spoofing via DHCP
Fix available here as part of https://github.com/CZ-NIC/turris-os-packages/pull/65 (rather long Pull request)
The patch in question is here: https://github.com/CZ-NIC/turris-os-packages/pull/65/commits/8e3963287b998215e5aa09cc477a0aede44a84c4
Details
Due to the way /etc/resolver/dhcp_host_domain_ng.py is called, a DHCP client not providing a hostname will spoof the DNS by creating an additional DNS record with the same name as the router.
- dhcp_host_domain_ng.py reads the host name to add a lease for from the environment variable HOSTNAME. On UNIX-like systems, this is a well-known environment variable, usually set to the hostname of the actual system. When the DHCP client does not provide a hostname, it is not overwritten or unset.
- A new A-record is created with the name of the router, but a different IP
- router potentially unreachable
It could also be considered an issue in interface design.
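
One way to close this at both ends of the interface, as an added example (not the patch from the pull request above): the caller strips the inherited HOSTNAME before invoking the hook, and the hook refuses a missing, malformed or router-identical name. The function names, the router name "turris" and the single-label restriction are assumptions made for illustration.

```python
import re
import socket

# RFC 1123 host label: letters, digits, hyphen; no leading or trailing hyphen.
# Assumption: DHCP clients register a single label, not a dotted name.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample: environment of a router whose own hostname is "turris".
ROUTER_ENV = {"PATH": "/usr/sbin:/usr/bin", "HOSTNAME": "turris"}


def hook_env(parent_env, client_hostname):
    """Caller side: build the child environment for the lease hook.

    HOSTNAME is always dropped first, so the value inherited from the
    router's own environment can never stand in for a client-supplied name.
    """
    env = {k: v for k, v in parent_env.items() if k != "HOSTNAME"}
    if client_hostname:
        env["HOSTNAME"] = client_hostname
    return env


def lease_hostname(env, own_hostname=None):
    """Hook side: return the name to register, or None to skip the record."""
    own = (own_hostname or socket.gethostname()).split(".")[0].lower()
    name = env.get("HOSTNAME", "").strip().rstrip(".")
    if not name or not _LABEL.match(name):
        return None  # client sent no usable hostname
    if name.lower() == own:
        return None  # a lease must never shadow the router's own record
    return name


if __name__ == "__main__":
    # Client without a hostname: no record is created.
    print(lease_hostname(hook_env(ROUTER_ENV, None), "turris"))
    # Client with a hostname: that name is registered.
    print(lease_hostname(hook_env(ROUTER_ENV, "laptop"), "turris"))
```

Either check alone prevents the duplicate A-record; applying both means a regression in the caller does not reintroduce the issue.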