Currently Lua can include files from anywhere in the filesystem, which is a possible attack vector e.g. Lua reading an auto-generated file in /tmp (although since we set private tmp that particular attack is actually not feasible).
This requests that we use the systemd ReadWritePaths=, ReadOnlyPaths=, InaccessiblePaths= to protect pdns from these kinds of attacks. This should work so that we whitelist specific directories and all other directories cannot be "seen" by the process (assuming the above systemd.exec commands can enable this).
This doesn't stop an admin creating a world-writable directory underneath the whitelisted directories, but as lieter says, you can't guard against that kind of stupid. It does however stop admins from including Lua files from "anywhere" in the filesystem.
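As an added illustration (not part of the issue or of the PowerDNS unit files), a systemd drop-in that applies the directives named above to pdns.service; the directory paths /etc/powerdns, /var/lib/powerdns and /run/powerdns are assumptions for the example and should be replaced with the ones the build actually uses:

```ini
# /etc/systemd/system/pdns.service.d/paths.conf  (assumed drop-in location)
[Service]
# Start from a read-only view of the whole filesystem (except /dev, /proc, /sys)
# and then open holes only where the daemon needs them.
ProtectSystem=strict
ProtectHome=true
# Private /tmp, as the issue notes is already set, so auto-generated files there
# are never visible to the process.
PrivateTmp=true
# Configuration, including any Lua scripts it references, is readable but not
# writable (assumed config directory).
ReadOnlyPaths=/etc/powerdns
# Only the state and runtime directories are writable (assumed paths).
ReadWritePaths=/var/lib/powerdns /run/powerdns
# Trees the daemon has no business reading at all; the leading "-" tells systemd
# to ignore a path that does not exist on this host.
InaccessiblePaths=-/srv -/opt
```

After `systemctl daemon-reload` and a restart, `systemd-analyze security pdns.service` shows which of these protections are in effect. Note that ReadOnlyPaths= and ProtectSystem=strict only stop writes, so a Lua script can still read files elsewhere on the filesystem unless those locations are covered by InaccessiblePaths= (or the unit is built as an allow-list with TemporaryFileSystem=/ plus BindReadOnlyPaths=).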