CISCO_DEF_DOMAIN VS CISCO_SPLIT_DNS
David Woodhouse
dwmw2 at infradead.org
Wed Sep 17 16:48:35 PDT 2014
On Wed, 2014-09-17 at 16:19 -0700, Kevin Cernekee wrote:
>
> Oops, should probably make that:
>
> set -- $CISCO_SPLIT_DNS
>
> and keep in mind that a compromised gateway could pass all sorts of
> evil strings to your vpnc-script.
Which reminds me. None of our use of setenv() is safe, now that we could
potentially be running libopenconnect within a multi-threaded process.
We need to keep them around in a list, then set them only after we have
done a fork(), then exec() the vpnc-script.
And do something equivalent on Windows.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140917/da81b0b0/attachment.bin>
More information about the openconnect-devel
mailing list