Package: pppconfig
Version: 2.3.23
Severity: important

Dear Maintainer,

The script /etc/ppp/ip-up.d/0dns-up fails to assign the static DNS config for
the specific peer (as per the manual, the static file to temporarily replace
/etc/resolv.conf is stored in the /etc/ppp/resolv/ directory, and named after
the IPPARAM for the specific peer).

The issue may lead to an unexpected DNS leak (when establishing a pptp VPN
connection, instead of the statically, explicitly configured nameservers, the
default ones are still used).

The issue is in line 63:
...
[ -L  "$RESOLVCONF" ] || grep " / " /proc/mounts | grep -q " rw " || exit 0
...
where the grep fails to acknowledge that the root directory is mounted rw (due 
to requiring rw substring to be surrounded by spaces from both sides).

An easy fix, changing the above for example to 
[ -L  "$RESOLVCONF" ] || grep " / " /proc/mounts | grep -q " rw" || exit 0
will allow the script to operate properly, as per the corresponding pppconfig
manual.


Yours,
manul



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pppconfig depends on:
ii  init-system-helpers  1.57
ii  ppp                  2.4.7-2+4.1+b1
ii  whiptail             0.52.21-4

pppconfig recommends no packages.

Versions of packages pppconfig suggests:
pn  resolvconf  <none>

-- Configuration Files:
/etc/ppp/ip-up.d/0dns-up changed:
PATH=/sbin:/bin:/usr/sbin:/usr/bin
test -f /usr/sbin/pppconfig || exit 0
test -z "$PPP_IPPARAM" && exit 0
PROVIDER=`echo "$PPP_IPPARAM" | cut -d' ' -f1`
ETC="/etc"
RUNDIR="/var/run/pppconfig"
RESOLVCONF="$ETC/resolv.conf"
PPPRESOLV="$ETC/ppp/resolv"
TEMPLATE="$RUNDIR/0dns.tempXXXXXXXX"
RESOLVBAK="$RUNDIR/resolv.conf.bak.$PROVIDER"
test -f "$PPPRESOLV/$PROVIDER" || exit 0
if [ -x /sbin/resolvconf ]; then
        test -n "$PPP_IFACE" || exit 1
        /sbin/resolvconf -a "${PPP_IFACE}.pppconfig" < "$PPPRESOLV/$PROVIDER"
        exit
fi
umask 022
cd "$RUNDIR" || exit 1
[ -e /proc/mounts ] || { echo "$0: Error: Could not read /proc/mounts" ; exit 1 ; }
[ -L  "$RESOLVCONF" ] || grep " / " /proc/mounts | grep -q " rw" || exit 0
TEMPRESOLV=`mktemp $TEMPLATE` || exit 1
mv "$TEMPRESOLV" "$RUNDIR/0dns.$PROVIDER" || exit 1
TEMPRESOLV="$RUNDIR/0dns.$PROVIDER"
cat "$PPPRESOLV/$PROVIDER" > "$TEMPRESOLV"
if [ "$DNS1" ] ; then
    echo '' >> "$TEMPRESOLV"
    echo "nameserver $DNS1" >> "$TEMPRESOLV"
    if [ "$DNS2" ] ; then
        echo '' >> "$TEMPRESOLV"
        echo "nameserver $DNS2" >> "$TEMPRESOLV"
    fi
elif [ "$MS_DNS1" ] ; then
    echo '' >> "$TEMPRESOLV"
    echo "nameserver $MS_DNS1" >> "$TEMPRESOLV"
    if [ "$MS_DNS2" ] ; then
        echo '' >> "$TEMPRESOLV"
        echo "nameserver $MS_DNS2" >> "$TEMPRESOLV"
    fi
fi
if [ ! -s "$TEMPRESOLV" ]
    then
    rm -f "$TEMPRESOLV"
    exit 1
fi
if  ls | grep -q "resolv.conf.bak"
    then
    rm -f "$TEMPRESOLV"
    exit 1
fi
/bin/cp -Lp "$RESOLVCONF" "$RESOLVBAK" || exit 1
/bin/cp -Lp "$TEMPRESOLV" "$RESOLVCONF" || exit 1
chmod 644 "$RESOLVCONF" || exit 1
[ -x /etc/init.d/nscd ] && { invoke-rc.d nscd restart || true ; }


-- no debconf information
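
The following is an added example, not part of the report or of pppconfig. It runs the check quoted from line 63 and the check proposed in the report against constructed /proc/mounts lines, next to a field-based check that reads the options column of the entry for "/". The function names and sample lines are hypothetical; the treatment of a later "/" entry as shadowing an earlier one is an assumption.

```shell
#!/bin/sh
# Added example. Every function reads /proc/mounts-format text on stdin.

# Check quoted in the report (line 63): "rw" must have a space on both sides.
check_original() { grep " / " | grep -q " rw "; }

# Check proposed in the report: the trailing space is dropped.
check_proposed() { grep " / " | grep -q " rw"; }

# Field-based check (hypothetical helper): take the options column (field 4)
# of the last entry mounted on "/", split it on commas, and require "rw" as a
# whole option. Assumption: a later entry for "/" shadows an earlier one.
# Exit status: 0 = rw, 1 = not rw, 2 = no entry for "/".
root_is_rw() {
    awk '
        $2 == "/" { opts = $4; seen = 1 }
        END {
            if (!seen) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "rw") exit 0
            exit 1
        }'
}

# Constructed sample lines in /proc/mounts format.
TYPICAL='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0'
SOLE_RW='rootfs / rootfs rw 0 0'
READONLY='/dev/sda1 / ext4 ro,relatime 0 0'

report() {  # report LABEL MOUNTS_TEXT
    for f in check_original check_proposed root_is_rw; do
        if printf '%s\n' "$2" | $f; then r=rw; else r=not-rw; fi
        printf '%-10s %-15s %s\n' "$1" "$f" "$r"
    done
}

report typical  "$TYPICAL"
report sole-rw  "$SOLE_RW"
report readonly "$READONLY"
report shadowed "$SOLE_RW
$READONLY"
```

On a live system the helper would be called as `root_is_rw < /proc/mounts`. The "shadowed" case shows that both grep pipelines answer for any line mounted on "/", not only the last one.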
