Draft: resolver-conf: prevent hostname spoofing (!1017) · Merge requests · Turris / Turris OS / Turris OS packages · GitLab

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

Martin Matějek requested to merge hotfix/871-resolver-conf-dns-spoofing-via-dhcp into master Nov 25, 2022

when a client requests a dhcp lease but does not provide a hostname, then the dhcp-script.sh does not provide a hostname. That results in using the HOSTNAME variable from the environment, containing the hostname of the resolver, finally resulting in an additional A-Record with another IP adress. The router then may become unreachable
Fix is, to read the configured hostname via uci and consider it as an invalid one.

Fixed

Do not set hostname of the router to dhcp lease, which does not provide its own hostname.

Closes: #871 (closed)

Co-authored-by: Martin Matějek martin.matejek@nic.cz