The pihole-FTL-prestart.sh and pihole-FTL-poststop.sh scripts are
executed as root by systemd (via the '+' prefix). Both previously read
the PID file path from pihole.toml via getFTLConfigValue — a file the
pihole user can write to directly. An attacker with pihole-user access
could set files.pid to an arbitrary path and trigger a service restart
to cause root to delete then recreate any file on the system, enabling
local privilege escalation.
Fix by inlining the hardcoded path /run/pihole-FTL.pid directly in
each hook, removing any dependency on user-controlled config. The same
hardening is applied to the SysV init script for consistency.
See: GHSA-6w8x-p785-6pm4
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
This was most likely added accidentally (during a refactor in 2017)
Both the 2017 and current version use /opt/pihole/COL_TABLE, as defined earlier and sourced earlier in the code.
Remove PIHOLE_COLTABLE_FILE from REQUIRED_FILES since /usr/local/bin as well as /opt/pihole are never checked
Signed-off-by: darkexplosiveqwx <101737077+darkexplosiveqwx@users.noreply.github.com>
- use `--no---` and `--yes---` to make sure the strings won't match user
comments or parts of domains
- also use `-ALLOW-` and `-BLOCK-`
Also reduce the domain column to 90 characters
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
- Domains table ("type" column): replace 0, 1, 2 and 3 with
"exact-allow", "exact-deny", "regex-allow" and "regex-deny"
- All tables: use yes/no for "enabled" columns
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
Use bash-internal globs and parameter expasion in preference to
assignment from output of ls or basename per file/directory.
When displaying file contents, call sed once and preprocesses the entire
file (eg pihole.toml), rather than spawning a new sed process for every
line of the file.
When checking services, call awk once to extract all data for each ip:port
pair, rather than three times.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
Adds the keepalive header to all curl requests
This reduces session establishment time across the multiple
requests necessary to authenticate, obtain response and log out
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
This PR updates the function flushing the network tables and the ARP table. It separates the two, renaming the whole function to networkflush and makes flushing ARP optional by appending --arp. Deletion of the network table is now done via FTL's /action/flush/arp endpoint.
Documentation: https://github.com/pi-hole/docs/pull/1253
Related PR in the FTL repo: https://github.com/pi-hole/FTL/pull/2541
Get session authentication information via single jq operation,
setting defaults if no data returned.
Simplify jq test for valid JSON data
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
Count list and gravity matches using jq in a single step.
Use jq's map to simplify list processing, eliminating intermediate
jsons.
Eliminate while loop for each lists's final output and formatting.
Signed-off-by: Rob Gill <rrobgill@protonmail.com>
Adam Warner
Adam Warner
darkexplosiveqwx
yubiuser
RD WebDesign
Dan Schaper
Rob Gill
Dominik
Michael Ziminsky (Z)
DL6ER