Comment 8 for bug 1939733
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Remote Code Execution via extra_dhcp_opts | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Thanks. I suppose my remaining concern is more of a theoretical one in that case... dnsmasq does not expect untrusted users to supply configuration, and therefore is not overly concerned with risks related to that workflow. As a result, any bugs in dnsmasq's configuration handling become Neutron security risks and therefore OpenStack's responsibility to deal with. In the long term, this does not seem like a sustainable model under which to operate.
In the near term, I agree the proposed solution should suffice, and since it seems to be backportable to all supported stable branches I'll get started on the impact description and coordinated disclosure timeline for an embargoed security advisory.