tailscale/net/dns
Andrew Dunham 33714211c8 net/dns: use os.Root to prevent path traversal in darwin resolver
The darwinConfigurator writes split DNS resolver files to
/etc/resolver/$SUFFIX using os.WriteFile with string concatenation.
A crafted MatchDomain value containing path traversal sequences
(e.g. "../evil") could write files outside the resolver directory.

Use os.OpenRoot to confine all file operations in SetDNS and
removeResolverFiles to the resolver directory. os.Root rejects any
path component that escapes the root, returning an error instead of
following the traversal.

Also parametrize the resolver directory path on the struct to enable
testing with t.TempDir(), and add tests.

As far as I can tell, this would require a malicious controlplane to
exploit, but still worth fixing.

Updates tailscale/corp#39751

Signed-off-by: Andrew Dunham <andrew@tailscale.com>
2026-04-28 11:08:22 -04:00
publicdns net/dns: add test for DoH upgrade of system DNS 2026-01-26 14:14:39 -05:00
resolvconffile all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
resolver cmd/vet: add subtestnames analyzer; fix all existing violations 2026-04-05 15:52:51 -07:00
config.go net/dns: make MagicDNS IPv6 registration opt-out now, not opt-in 2026-02-17 07:29:12 -10:00
dbus.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
debian_resolvconf.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
direct_linux_test.go net/dns: fix TestDNSTrampleRecovery failure under flakestress 2026-04-14 06:55:35 -07:00
direct_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
direct_unix_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
direct.go net/dns: fix TestDNSTrampleRecovery failure under flakestress 2026-04-14 06:55:35 -07:00
dns_clone.go cmd/cloner: deep-clone pointer elements in map-of-slice values 2026-04-17 11:36:05 -04:00
dns_view.go net/dns, ipn/local: skip health warnings in dns forwarder when accept-dns is false (#18572) 2026-02-10 09:29:14 -05:00
flush_default.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
flush_windows.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ini_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ini.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_darwin_test.go net/dns: use os.Root to prevent path traversal in darwin resolver 2026-04-28 11:08:22 -04:00
manager_darwin.go net/dns: use os.Root to prevent path traversal in darwin resolver 2026-04-28 11:08:22 -04:00
manager_default.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_freebsd.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_linux_test.go net/dns: fix TestDNSTrampleRecovery failure under flakestress 2026-04-14 06:55:35 -07:00
manager_linux.go all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
manager_openbsd.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_plan9_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_plan9.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_solaris.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_tcp_test.go net/dns: make MagicDNS IPv6 registration opt-out now, not opt-in 2026-02-17 07:29:12 -10:00
manager_test.go net/dns: make MagicDNS IPv6 registration opt-out now, not opt-in 2026-02-17 07:29:12 -10:00
manager_windows_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
manager_windows.go control/controlknobs,net/dns,tailcfg: add a control knob that disables hosts file updates on Windows 2026-02-13 11:59:37 -06:00
manager.go net/dns: fix duplicate search line entries (OpenBSD, primarily) 2026-03-25 10:19:02 -07:00
nm.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
noop.go net/dns: skip DNS base config when using userspace networking (#18355) 2026-01-30 12:14:47 -05:00
nrpt_windows.go net/dns: use the correct separator for multiple servers in the same NRPT rule on Windows 2026-03-19 09:07:39 -05:00
openresolv.go all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
osconfig_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
osconfig.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
resolvconf-workaround.sh all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
resolvconf.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
resolvconfpath_default.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
resolvconfpath_gokrazy.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
resolvd.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
resolved.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
utf_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
utf.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
wsl_windows.go net/dns: fix TestDNSTrampleRecovery failure under flakestress 2026-04-14 06:55:35 -07:00