(usagi-users 03694) Re: glibc getaddrinfo can resolve addresses of different hosts in case of search domains are used in /etc/resolv.conf - bug or feature?
- To: usagi-users@xxxxxxxxxxxxxx, Peter Bieringer <pb@xxxxxxxxxxxx>
- Subject: (usagi-users 03694) Re: glibc getaddrinfo can resolve addresses of different hosts in case of search domains are used in /etc/resolv.conf - bug or feature?
- From: Remi Denis-Courmont <rdenis@xxxxxxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 16:10:43 +0300
- Cc: "users@xxxxxxxx" <users@xxxxxxxx>
- In-reply-to: <44EAF1DF.6090400@bieringer.de>
- References: <44EAF1DF.6090400@bieringer.de>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- User-agent: Internet Messaging Program (IMP) 3.2.6
Quoting Peter Bieringer <pb@xxxxxxxxxxxx>:
> after some discussions with people from Red Hat I'm still not able to
> convince them that the behavior of getaddrinfo in glibc is buggy, if
> search domains in /etc/resolv.conf are specified.
Well, I'd agree it is a bug by not conforming to the relevant specification.
As for being a security issue, yes and no: you should always trust the DNS
names which you put into your resolv.conf, but it is indeed a possible way to
hijack DNS entries, so it only makes things worse whenever your resolv zones
are hacked.
Also, I must say the bug report is really unclear and it took me a while to
understand the problem, so I'm not quite surprised about the way
famous-for-being-confrontational Mr Drepper answered. I still don't
understand the problem with reverse DNS lookups.
> I was told in between (and a short look into the source code shows like
> that), that getaddrinfo uses DNS lookups more abstract and it can't be
> fixed in an easy manner.
Quite probably. I suppose this is hidden from getaddrinfo() by the NSS
library, which might not support AF-independent queries on its own.
--
Remi Denis-Courmont
http://www.simphalempin.com/home/