dracut/0115.patch
Pavel Valena 9afa387eea dracut-057-118.git20260624
(Includes partial revert of 8107ee642f9929e7e656fc52759816b51fbaef90.)

- feat(resume): add device used for resume
- fix(dracut): remove trailing null characters from SBATs when building UKIs
- fix(network-legacy): replace `echo` writes with `printf` to prevent injection via DHCP
- fix(iscsi): replace `echo` writes with `printf` to prevent variable injection
- fix(network): warn on suspicious shell metacharacters in hostname file
- fix(base): escape arguments in initqueue hook script generation
- revert: "feat(i18n): pull 'drm' or 'simpledrm' module unless excluded"

Resolves: RHEL-119785,RHEL-140458,RHEL-170858,RHEL-178488
2026-06-25 01:40:34 +02:00

47 lines
1.8 KiB
Diff

From 8823fab4f32315e5e7c376116954b9f84b2576dd Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 12 May 2026 03:25:20 +0200
Subject: [PATCH] fix(network): warn on suspicious shell metacharacters in
hostname file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
setup_net() sources /tmp/net.$netif.hostname as shell, which is written
by dhclient-script.sh or ifup.sh. Add a defensive check that warns if
the file contains shell metacharacters ($, `, ;, &, |, () that should
never appear in a legitimate hostname, indicating possible DHCP-based
command injection attempts.
The file is still sourced for compatibility — the writer-side fix
(printf '%q') already prevents execution of injected content.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Related: RHEL-170858
---
modules.d/40network/net-lib.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules.d/40network/net-lib.sh b/modules.d/40network/net-lib.sh
index a294a390..03be4c6d 100755
--- a/modules.d/40network/net-lib.sh
+++ b/modules.d/40network/net-lib.sh
@@ -127,8 +127,13 @@ setup_net() {
[ -e "/tmp/net.ifaces" ] && read -r IFACES < /tmp/net.ifaces
[ -z "$IFACES" ] && IFACES="$netif"
# run the scripts written by ifup
- # shellcheck disable=SC1090
- [ -e /tmp/net."$netif".hostname ] && . /tmp/net."$netif".hostname
+ if [ -e /tmp/net."$netif".hostname ]; then
+ if grep -qE '[$`;&|(]' /tmp/net."$netif".hostname 2> /dev/null; then
+ warn "setup_net $netif: /tmp/net.$netif.hostname contains suspicious shell metacharacters"
+ fi
+ # shellcheck disable=SC1090
+ . /tmp/net."$netif".hostname
+ fi
# shellcheck disable=SC1090
[ -e /tmp/net."$netif".override ] && . /tmp/net."$netif".override
# shellcheck disable=SC1090