From 4107f122969044e3e6f2e976cf8294dd9d91a1ee Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Tue, 12 May 2026 03:25:20 +0200 Subject: [PATCH] fix(network): warn on suspicious shell metacharacters in hostname file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit setup_net() sources /tmp/net.$netif.hostname as shell, which is written by dhclient-script.sh or ifup.sh. Add a defensive check that warns if the file contains shell metacharacters ($, `, ;, &, |, () that should never appear in a legitimate hostname, indicating possible DHCP-based command injection attempts. The file is still sourced for compatibility — the writer-side fix (printf '%q') already prevents execution of injected content. Co-Authored-By: Claude Opus 4.6 Related: RHEL-170847 --- modules.d/40network/net-lib.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules.d/40network/net-lib.sh b/modules.d/40network/net-lib.sh index 128d6343..bbfb0a9f 100755 --- a/modules.d/40network/net-lib.sh +++ b/modules.d/40network/net-lib.sh @@ -117,9 +117,16 @@ setup_net() { [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces [ -z "$IFACES" ] && IFACES="$netif" # run the scripts written by ifup - [ -e /tmp/net.$netif.hostname ] && . /tmp/net.$netif.hostname - [ -e /tmp/net.$netif.override ] && . /tmp/net.$netif.override - [ -e /tmp/dhclient.$netif.dhcpopts ] && . /tmp/dhclient.$netif.dhcpopts + if [ -e /tmp/net."$netif".hostname ]; then + if grep -qE '[$`;&|(]' /tmp/net."$netif".hostname 2>/dev/null; then + warn "setup_net $netif: /tmp/net.$netif.hostname contains suspicious shell metacharacters" + fi + # shellcheck disable=SC1090 + . /tmp/net."$netif".hostname + fi + [ -e /tmp/net."$netif".override ] && . /tmp/net."$netif".override + [ -e /tmp/dhclient."$netif".dhcpopts ] && . /tmp/dhclient."$netif".dhcpopts + # set up resolv.conf [ -e /tmp/net.$netif.resolv.conf ] && \ awk '!array[$0]++' /tmp/net.$netif.resolv.conf > /etc/resolv.conf