guarantee RFC standardized hostname

Simon Hobson dhcp1 at
Thu Aug 25 07:21:03 UTC 2011

Ted Lemon wrote:

>>I'm assuming that you don't have any kind of pre-existing records 
>>for these hosts?  We track all hosts here, and force a hostname to 
>>be defined at registration time, with all of the usual validity and 
>>uniqueness checks.  We then feed this data into our dhcp 
>>configuration files, and all client supplied ddns hostname values 
>>are summarily ignored.

>What's the threat model here?

Basically the same sort of threat as SQL injection has on SQL based 
systems. If **any** bit of code in the chain fails to sanitise/handle 
abnormal input then there's a vector for problems (whether innocent 
or malicious).

In this case, there's one very common one already mentioned. How many 
times have you seen code break when fed a value with an embedded 
space ? I've seen it plenty of times.
If you knew (for example) that the value went through a Bash script, 
then you might try "somevalue<space>;rm -rf /" as your input. If the 
code hasn't handled the space properly then there's scope for your 
system to die a mysterious death.

I know ISC's DHCP and BIND aren't written in Bash, but the same 
principal applies - don't assume everything downstream can handle 
garbage !

In the past I has a nice one where a print server box padded out the 
hostname to 8 characters with nulls - took me a while to figure out 
some rather oddball DNS update errors. Hint, what's a string 
terminator in "C" ?

Simon Hobson

Visit for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

More information about the dhcp-users mailing list