Merge lp:~roadmr/ubuntu/oneiric/casper/809885 into lp:ubuntu/oneiric/casper
Status: | Needs review |
---|---|
Proposed branch: | lp:~roadmr/ubuntu/oneiric/casper/809885 |
Merge into: | lp:ubuntu/oneiric/casper |
Diff against target: |
47 lines (+13/-9) 2 files modified
debian/changelog (+6/-1) scripts/casper-bottom/23networking (+7/-8) |
To merge this branch: | bzr merge lp:~roadmr/ubuntu/oneiric/casper/809885 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Daniel Manrique (community) | Needs Resubmitting | ||
Colin Watson | Needs Fixing | ||
Review via email: mp+67868@code.launchpad.net |
Description of the change
Modifies the regexps used to process resolv.conf entries in scripts/
They now strip single quotes from all entries taken from file written by ipconfig, to ensure the generated /etc/resolv.conf is formatted correctly.
Fixes bug 809885.
Unmerged revisions
- 908. By Daniel Manrique
-
fixed regular expression to process the domain entry in resolv.conf
- 907. By Daniel Manrique
-
merged from trunk
- 906. By Daniel Manrique
-
Reworked as per cjwatson's suggestions.
scripts/casper- bottom/ 23networking: source file written by ipconfig
and use the resulting environment variables to build resolv.conf.
(LP: #809885). - 905. By Daniel Manrique
-
scripts/
casper- bottom/ 23networking: Strip single quotes from all entries
taken from file written by ipconfig, to ensure the generated
/etc/resolv.conf is formatted correctly (LP: #809885).
To be honest, I think this just highlights the bad way casper was handling this file before you touched it (which is my fault, since apparently I introduced this code). Rather than patching around the problem, could you just make casper read ipconfig's output as shell input using '. /tmp/net- "${DEVICE} ".conf' , and then we can just use the resulting shell variables? That would be more reliable long-term than trying to keep up with which way ipconfig currently quotes shell variables.
You mention arbitrary code execution in your bug report; but I don't think that's a concern here. All this code is running as root, and if ipconfig wanted to cause casper to run some evil code then it could just do so itself. Furthermore, it's all running in the initramfs, where there is no possibility that a malicious user might have injected data into /tmp. The current code in casper tries to parse ipconfig's output like this because it's wrong, not because it's clever.