openwrtv4/package
Kevin Darbyshire-Bryant a45f4f50e1 dnsmasq: add dhcp-ignore-names support - CERT VU#598349
dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for
specific hostnames.  Clients claiming certain hostnames and thus
claiming DNS namespace represent a potential security risk. e.g. a
malicious host could claim 'wpad' for itself and redirect other web
client requests to it for nefarious purpose. See CERT VU#598349 for more
details.

Some Samsung TVs are claiming the hostname 'localhost', it is believed
not (yet) for nefarious purposes.

/usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames
in correct syntax to be excluded. e.g.

dhcp-name-match=set:dhcp_bogus_hostname,localhost

Inclusion of this file is controlled by uci option dhcpbogushostname
which is enabled by default.

To be absolutely clear, DHCP leases to these requesting hosts are still
permitted, but they do NOT get to claim ownership of the hostname
itself and hence put into DNS for other hosts to be confused/manipulate by.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-09 09:45:16 +01:00
..
base-files base-files: make it possible to specify switch led mode 2018-09-29 17:23:11 +02:00
boot sunxi: add support for Orange Pi Zero 2018-10-07 22:16:10 +02:00
devel strace: add option to enable libdw stack tracing 2018-10-02 19:57:33 +03:00
firmware intel-microcode: update to version 20180807a 2018-10-07 02:12:06 +02:00
kernel mac80211: Use @KERNEL alias instead of hardlink 2018-10-07 02:10:15 +02:00
libs nghttp2: bump to 1.34.0 2018-10-07 17:39:05 +02:00
network dnsmasq: add dhcp-ignore-names support - CERT VU#598349 2018-10-09 09:45:16 +01:00
system fstools: filter unknown action in mount.hotplug script 2018-10-07 21:34:13 +02:00
utils e2fsprogs: fix glibc compile issue (FS#1749,FS#1796) 2018-10-08 17:24:23 +02:00
Makefile imagebuilder: reuse rootfs preparation from rootfs.mk 2018-03-07 09:59:08 +01:00