guarantee RFC standardized hostname

Kevin Fitzgerald kwfitzgerald at
Thu Aug 25 14:02:08 UTC 2011

I am actively pushing to stop using the user provided host-name as I feel
that solves our actual problem.

I am still interested to know if there is a facility within dhcp to do regex
evaluation and arbitrary manipulation of the data held in 'option host-name'
or some such.  If not, I will be able to more quickly convince my team that
our efforts would be better spent elsewhere :)

On Thu, Aug 25, 2011 at 2:21 AM, Simon Hobson <dhcp1 at>wrote:

> Ted Lemon wrote:
>  I'm assuming that you don't have any kind of pre-existing records for
>>> these hosts?  We track all hosts here, and force a hostname to be defined at
>>> registration time, with all of the usual validity and uniqueness checks.  We
>>> then feed this data into our dhcp configuration files, and all client
>>> supplied ddns hostname values are summarily ignored.
>  What's the threat model here?
> Basically the same sort of threat as SQL injection has on SQL based
> systems. If **any** bit of code in the chain fails to sanitise/handle
> abnormal input then there's a vector for problems (whether innocent or
> malicious).
> In this case, there's one very common one already mentioned. How many times
> have you seen code break when fed a value with an embedded space ? I've seen
> it plenty of times.
> If you knew (for example) that the value went through a Bash script, then
> you might try "somevalue<space>;rm -rf /" as your input. If the code hasn't
> handled the space properly then there's scope for your system to die a
> mysterious death.
> I know ISC's DHCP and BIND aren't written in Bash, but the same principal
> applies - don't assume everything downstream can handle garbage !
> In the past I has a nice one where a print server box padded out the
> hostname to 8 characters with nulls - took me a while to figure out some
> rather oddball DNS update errors. Hint, what's a string terminator in "C" ?
> --
> Simon Hobson
> Visit http://www.**<>for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> ______________________________**_________________
> dhcp-users mailing list
> dhcp-users at

Kevin Fitzgerald
UALR Information Technology Services
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list