[pkg-dhcp-devel] Bug#873133: isc-dhcp-client: dhclient-scripts executes dhclient-{enter, exit}-hooks when it should not

Timo Sigurdsson public_timo.s at silentcreek.de
Thu Aug 24 19:17:38 UTC 2017 

Package: isc-dhcp-client
Version: 4.3.5-3
Severity: normal

Dear Maintainer,

I noticed that dhclient-script does not honor the executability flag of
either /etc/dhcp/dhclient-{enter,exit}-hooks or files inside the directories
/etc/dhcp/dhclient-{enter,exit}-hooks.d/ and will execute even non-executable
files by sourcing them. This is not supposed to happen according to the
dhclient-script man page.

Quote from the man page:
  [dhclient-script] checks for the presence of an executable
  /etc/dhcp/dhclient-enter-hooks script, and if present, it invokes the
  script inline, using the Bourne shell '.' command. It also invokes all
  executable scripts in /etc/dhcp/dhclient-enter-hooks.d/* in the same way.

The passage on the exit-hooks reads likewise.

However, dhclient-script does not actually check the executability of any of
these files. The run-hook function in dhclient-script only checks whether the
argument is a file and then sources it, see lines 144-145 of dhclient-script:
  if [ -f $script ]; then
    . $script

In addition, the run-hookdir function also iterates over files that are not
executable, see line 162:
  for script in $(run-parts --list $dir); do

The problem here is the list switch of run-parts. Quote from the run-parts
man page:
  --list print the names of the all matching files (not limited to
         executables), but don't actually run them.

It would be better to use the --test switch here instead which will only
print the names of executable files in the folder without actually running
them.

Thus, a fix should be rather trivial to get dhclient-script to actually
invoke executables only.

On a sidenote, though, on my rather fresh installation of Debian Stretch, I
have several files inside /etc/dhcp/dhclient-exit-hooks.d/ that are not
executable by default such as
  debug
  timesyncd
  rfc3442-classless-routes
So, I'm wondering whether their respective authors actually meant them to be
run by default or not.

Regards,

Timo

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages isc-dhcp-client depends on:
ii  debianutils       4.8.1.1
ii  iproute2          4.9.0-1
ii  libc6             2.24-11+deb9u1
ii  libdns-export162  1:9.10.3.dfsg.P4-12.3+deb9u2
ii  libisc-export160  1:9.10.3.dfsg.P4-12.3+deb9u2

Versions of packages isc-dhcp-client recommends:
ii  isc-dhcp-common  4.3.5-3

Versions of packages isc-dhcp-client suggests:
ii  avahi-autoipd         0.6.32-2
pn  isc-dhcp-client-ddns  <none>
pn  resolvconf            <none>

-- no debconf information

More information about the pkg-dhcp-devel mailing list