Bug#947769: pppconfig: The /etc/ppp/ip-up.d/0dns-up script fails to properly assign static nameservers.
Package: pppconfig
Version: 2.3.23
Severity: important
Dear Maintainer,
The script /etc/ppp/ip-up.d/0dns-up fails to assign the static DNS config for the specific peer (as per the manual, the static file to temporary replace /etc/resolv.conf
is stored in /etc/ppp/resolv/ directory, and named after the IPPARAM for the specific peer).
The issue may lead to unexpected DNS leak (when establishing pptp VPN connection, instead of statically explocitly configured nameservers, the defaul ones are still used)
The issue is in line 63:
...
[ -L "$RESOLVCONF" ] || grep " / " /proc/mounts | grep -q " rw " || exit 0
...
where the grep fails to acknowledge that the root directory is mounted rw (due to requiring rw substring to be surrounded by spaces from both sides).
An easy fix, changing the above for example to
[ -L "$RESOLVCONF" ] || grep " / " /proc/mounts | grep -q " rw" || exit 0
will allow the script to operate properly, as per the corresponding ppconfig manual.
Yours,
manul
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pppconfig depends on:
ii init-system-helpers 1.57
ii ppp 2.4.7-2+4.1+b1
ii whiptail 0.52.21-4
pppconfig recommends no packages.
Versions of packages pppconfig suggests:
pn resolvconf <none>
-- Configuration Files:
/etc/ppp/ip-up.d/0dns-up changed:
PATH=/sbin:/bin:/usr/sbin:/usr/bin
test -f /usr/sbin/pppconfig || exit 0
test -z "$PPP_IPPARAM" && exit 0
PROVIDER=`echo "$PPP_IPPARAM" | cut -d' ' -f1`
ETC="/etc"
RUNDIR="/var/run/pppconfig"
RESOLVCONF="$ETC/resolv.conf"
PPPRESOLV="$ETC/ppp/resolv"
TEMPLATE="$RUNDIR/0dns.tempXXXXXXXX"
RESOLVBAK="$RUNDIR/resolv.conf.bak.$PROVIDER"
test -f "$PPPRESOLV/$PROVIDER" || exit 0
if [ -x /sbin/resolvconf ]; then
test -n "$PPP_IFACE" || exit 1
/sbin/resolvconf -a "${PPP_IFACE}.pppconfig" < "$PPPRESOLV/$PROVIDER"
exit
fi
umask 022
cd "$RUNDIR" || exit 1
[ -e /proc/mounts ] || { echo "$0: Error: Could not read /proc/mounts" ; exit 1 ; }
[ -L "$RESOLVCONF" ] || grep " / " /proc/mounts | grep -q " rw" || exit 0
TEMPRESOLV=`mktemp $TEMPLATE` || exit 1
mv "$TEMPRESOLV" "$RUNDIR/0dns.$PROVIDER" || exit 1
TEMPRESOLV="$RUNDIR/0dns.$PROVIDER"
cat "$PPPRESOLV/$PROVIDER" > "$TEMPRESOLV"
if [ "$DNS1" ] ; then
echo '' >> "$TEMPRESOLV"
echo "nameserver $DNS1" >> "$TEMPRESOLV"
if [ "$DNS2" ] ; then
echo '' >> "$TEMPRESOLV"
echo "nameserver $DNS2" >> "$TEMPRESOLV"
fi
elif [ "$MS_DNS1" ] ; then
echo '' >> "$TEMPRESOLV"
echo "nameserver $MS_DNS1" >> "$TEMPRESOLV"
if [ "$MS_DNS2" ] ; then
echo '' >> "$TEMPRESOLV"
echo "nameserver $MS_DNS2" >> "$TEMPRESOLV"
fi
fi
if [ ! -s "$TEMPRESOLV" ]
then
rm -f "$TEMPRESOLV"
exit 1
fi
if ls | grep -q "resolv.conf.bak"
then
rm -f "$TEMPRESOLV"
exit 1
fi
/bin/cp -Lp "$RESOLVCONF" "$RESOLVBAK" || exit 1
/bin/cp -Lp "$TEMPRESOLV" "$RESOLVCONF" || exit 1
chmod 644 "$RESOLVCONF" || exit 1
[ -x /etc/init.d/nscd ] && { invoke-rc.d nscd restart || true ; }
-- no debconf information
Reply to: