From nobody@FreeBSD.org  Tue Feb 28 13:21:00 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 303A916A420
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 Feb 2006 13:21:00 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EBE8743D48
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 Feb 2006 13:20:59 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k1SDKxWV059550
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 Feb 2006 13:20:59 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k1SDKx96059549;
	Tue, 28 Feb 2006 13:20:59 GMT
	(envelope-from nobody)
Message-Id: <200602281320.k1SDKx96059549@www.freebsd.org>
Date: Tue, 28 Feb 2006 13:20:59 GMT
From: Nick Hibma <nick@anywi.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] dhclient-script writes in /etc which should be in /tmp
X-Send-Pr-Version: www-2.3

>Number:         93940
>Category:       bin
>Synopsis:       [patch] dhclient-script writes in /etc which should be in /tmp
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 28 13:30:02 GMT 2006
>Closed-Date:    Sun May 07 23:53:21 GMT 2006
>Last-Modified:  Sun May 07 23:53:21 GMT 2006
>Originator:     Nick Hibma
>Release:        6-RELEASE (I think, but userland might be 5.x)
>Organization:
AnyWi Technologies
>Environment:
FreeBSD hind.van-laarhoven.org 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov  3 09:36:13 UTC 2005     root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
dhclient-script writes into /etc/resolv.conf.std instead of in /tmp. If you mount the root partition read-only on a Soekris (embedded system) you cannot do this and the script will (silently) fail and not set resolv.conf at all.


>How-To-Repeat:

>Fix:
This patch is in use.

% diff /sbin/dhclient-script /sbin/dhclient-script~
137c137
<       rm -f /tmp/resolv.conf.std
---
>       rm -f /etc/resolv.conf.std
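Review bot: the diff was generated with its arguments reversed (`diff /sbin/dhclient-script /sbin/dhclient-script~`), so from this hunk on the `<` lines carry the proposed /tmp paths and the `>` lines carry the original /etc ones, which reads backwards to anyone applying it to the stock script. Please regenerate it from the original to the modified file, preferably as a unified diff: `diff -u /sbin/dhclient-script~ /sbin/dhclient-script`.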
140c140
<               echo "search $new_domain_name" >>/tmp/resolv.conf.std
---
>               echo "search $new_domain_name" >>/etc/resolv.conf.std
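Review bot: `>>/tmp/resolv.conf.std` on line 140 appends to a fixed name in a world-writable directory, and the `rm -f` on line 137 does not close the gap. A local user can create a symlink at that path between the two commands, and the redirect will follow it with the privileges of a script that is allowed to rewrite /etc/resolv.conf. Stage the file in a directory only root can write, such as /var/run, or create it with mktemp(1) and keep the returned name in a variable for the later lines.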
145c145
<                       echo "nameserver $nameserver" >>/tmp/resolv.conf.std
---
>                       echo "nameserver $nameserver" >>/etc/resolv.conf.std
149,151c149,151
<       if [ -f /tmp/resolv.conf.std ]; then
<               if [ -f /tmp/resolv.conf.tail ]; then
<                       cat /tmp/resolv.conf.tail >>/tmp/resolv.conf.std
---
>       if [ -f /etc/resolv.conf.std ]; then
>               if [ -f /etc/resolv.conf.tail ]; then
>                       cat /etc/resolv.conf.tail >>/etc/resolv.conf.std
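Review bot: lines 149-151 also move `resolv.conf.tail`, not only the scratch file, so an administrator's existing /etc/resolv.conf.tail is no longer picked up, and whoever can create /tmp/resolv.conf.tail gets their text appended to the file that line 171 later copies over /etc/resolv.conf. A read-only root does not prevent reading the tail from /etc, so keep the `-f` test and the source of the `cat` on /etc/resolv.conf.tail and change only the destination.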
159,160c159,160
<               if cmp -s /tmp/resolv.conf.std /etc/resolv.conf; then
<                       rm -f /tmp/resolv.conf.std
---
>               if cmp -s /etc/resolv.conf.std /etc/resolv.conf; then
>                       rm -f /etc/resolv.conf.std
171,172c171,172
<               cat /tmp/resolv.conf.std > /etc/resolv.conf
<               rm -f /tmp/resolv.conf.std
---
>               cat /etc/resolv.conf.std > /etc/resolv.conf
>               rm -f /etc/resolv.conf.std
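Review bot: line 171 still ends in `> /etc/resolv.conf`, so on the read-only root described in the report this final write fails as well unless /etc/resolv.conf is a symlink onto a writable filesystem. The submission should state that assumption, and since the report says the current failure is silent, the script should check the result of this `cat` and report an error when it fails.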

>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: Nick Hibma <nick@anywi.com>
Cc: bug-followup@freebsd.org
Subject: Re: misc/93940: [patch] dhclient-script writes in /etc which should be in /tmp
Date: Tue, 28 Feb 2006 15:45:47 +0200

     On 2006-02-28 13:20, Nick Hibma <nick@anywi.com> wrote:
     > dhclient-script writes into /etc/resolv.conf.std instead of in
     > /tmp. If you mount the root partition read-only on a soekris
     > (embedded system) you cannot do this and the script will
     > (silently) fail and not set resolv.conf at all.
 
 This is probably silly, but since dhclient will eventually *have* to
 write `/etc/resolv.conf' isn't it safe to assume that it can also write
 to `/etc/resolv.conf.std'?  Unless, of course, the `/etc/resolv.conf'
 file is a symlink somewhere else I guess...
 
State-Changed-From-To: open->closed 
State-Changed-By: brooks 
State-Changed-When: Sun May 7 23:51:30 UTC 2006 
State-Changed-Why:  
A similar patch was committed as rev 1.12 and then fixed to use /var/run 
instead of creating symlink overwrite attacks in rev 1.14. The MFC of 
that patch is being tracked in bin/90518. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93940 
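
The staging approach named in the closing note (a root-only directory such as /var/run instead of a fixed name in /tmp), sketched as an added example. It is not the committed FreeBSD code; the function name `build_resolv_conf`, its arguments and its return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not FreeBSD's dhclient-script. The function name, argument
# order and return codes are assumptions made for this sketch.
#
# build_resolv_conf RUN_DIR TARGET DOMAIN [NAMESERVER...]
#   RUN_DIR  directory only root can write (/var/run on a real system)
#   TARGET   file to update (/etc/resolv.conf on a real system)
# Returns 0 if TARGET was rewritten, 1 if it was already current, 2 on error.
build_resolv_conf() {
    run_dir=$1 target=$2 domain=$3
    shift 3

    # mktemp -d picks an unpredictable name, creates the directory with mode
    # 0700 and fails if the name exists, so nothing planted in advance at a
    # known path (the /tmp/resolv.conf.std problem) is ever opened.
    stage=$(mktemp -d "$run_dir/resolv.XXXXXXXX") || return 2
    tmp=$stage/resolv.conf.std

    {
        [ -n "$domain" ] && echo "search $domain"
        for ns in "$@"; do
            echo "nameserver $ns"
        done
        # The admin-maintained tail stays next to TARGET, not in the run dir.
        [ -f "$target.tail" ] && cat "$target.tail"
        :
    } >"$tmp" || { rm -rf "$stage"; return 2; }

    # Leave TARGET alone when nothing changed, as the original script does.
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -rf "$stage"
        return 1
    fi

    # cat rather than mv: if TARGET is a symlink onto a writable filesystem
    # (the read-only-root case), the link is kept and its destination updated.
    rc=0
    cat "$tmp" >"$target" || rc=2
    rm -rf "$stage"
    return "$rc"
}
```

On a real system the call would look like `build_resolv_conf /var/run /etc/resolv.conf "$new_domain_name" $new_domain_name_servers`; the second variable name is assumed, since only `$new_domain_name` and `$nameserver` appear in the patch.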
>Unformatted:
