Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170425023934.GT17319@brightrain.aerifal.cx>
Date: Mon, 24 Apr 2017 22:39:34 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] Add RES_OPTIONS support for resolv.conf options
 overriding

On Mon, Apr 24, 2017 at 07:21:22PM -0700, Stefan Sedich wrote:
> Currently glibc supports using the RES_OPTIONS environment variable
> to customize the resolv.conf options on a per-process basis, this
> adds the same support to musl
> ---
>  src/network/resolvconf.c | 48 ++++++++++++++++++++++++++++++------------------
>  1 file changed, 30 insertions(+), 18 deletions(-)
> 
> diff --git a/src/network/resolvconf.c b/src/network/resolvconf.c
> index 4c3e4c4b..c759ff61 100644
> --- a/src/network/resolvconf.c
> +++ b/src/network/resolvconf.c
> @@ -5,6 +5,30 @@
>  #include <string.h>
>  #include <netinet/in.h>
>  
> +void __parse_resolv_opts(struct resolvconf *conf, char *opts)
> +{
> +	char *p, *z;
> +
> +	p = strstr(opts, "ndots:");
> +	if (p && isdigit(p[6])) {
> +		p += 6;
> +		unsigned long x = strtoul(p, &z, 10);
> +		if (z != p) conf->ndots = x > 15 ? 15 : x;
> +	}
> +	p = strstr(opts, "attempts:");
> +	if (p && isdigit(p[9])) {
> +		p += 9;
> +		unsigned long x = strtoul(p, &z, 10);
> +		if (z != p) conf->attempts = x > 10 ? 10 : x;
> +	}
> +	p = strstr(opts, "timeout:");
> +	if (p && (isdigit(p[8]) || p[8]=='.')) {
> +		p += 8;
> +		unsigned long x = strtoul(p, &z, 10);
> +		if (z != p) conf->timeout = x > 60 ? 60 : x;
> +	}
> +}
> +
>  int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
>  {
>  	char line[256];
> @@ -38,24 +62,7 @@ int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
>  			continue;
>  		}
>  		if (!strncmp(line, "options", 7) && isspace(line[7])) {
> -			p = strstr(line, "ndots:");
> -			if (p && isdigit(p[6])) {
> -				p += 6;
> -				unsigned long x = strtoul(p, &z, 10);
> -				if (z != p) conf->ndots = x > 15 ? 15 : x;
> -			}
> -			p = strstr(line, "attempts:");
> -			if (p && isdigit(p[9])) {
> -				p += 9;
> -				unsigned long x = strtoul(p, &z, 10);
> -				if (z != p) conf->attempts = x > 10 ? 10 : x;
> -			}
> -			p = strstr(line, "timeout:");
> -			if (p && (isdigit(p[8]) || p[8]=='.')) {
> -				p += 8;
> -				unsigned long x = strtoul(p, &z, 10);
> -				if (z != p) conf->timeout = x > 60 ? 60 : x;
> -			}
> +			__parse_resolv_opts(conf, line);
>  			continue;
>  		}
>  		if (!strncmp(line, "nameserver", 10) && isspace(line[10])) {
> @@ -79,6 +86,11 @@ int __get_resolv_conf(struct resolvconf *conf, char *search, size_t search_sz)
>  		memcpy(search, p, l+1);
>  	}
>  
> +	char *res_opts_env;
> +	if ((res_opts_env = getenv("RES_OPTIONS")) != NULL) {
> +		__parse_resolv_opts(conf, res_opts_env);
> +	}
> +
>  	__fclose_ca(f);
>  
>  no_resolv_conf:
> -- 
> 2.11.0

At the very least, this needs to be suppressed for suid and suid-like
processes. But otherwise it's probably okay.

What I'd really like is a way for users to override nameserver and
search directives (so pretty much, all of resolv.conf) in a way that
doesn't need root; this would be really valuable for testing. But
sadly there's no precedent for an interface to do so. Maybe it's
something we could work on a unified solution to with other
implementations (glibc, bsds?).

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.