Re: ~/.hosts patch

From: Brooks Davis <brooks@xxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Jun 2006 22:30:08 -0700

On Wed, Jun 21, 2006 at 12:54:32AM -0400, Mike Jakubik wrote:

Justin Hibbits wrote:

Hey folks, got an interesting patch. This adds a ~/.hosts file
(personal version of /etc/hosts). It was written against 6-STABLE
about a week before 6.1 was released, and has been sitting collecting
dust for the last month and a half. Currently it augments /etc/hosts
instead of replacing it or prepending it. Any comments? One
suggestion that was made was to make it an nss module so that it could
be controlled by the admin. It probably could use some cleanup as
well, just putting it out here for proof of concept for now, and some
direction.

Just what exactly is the point of having a user specified hosts file?
Seems like a bad idea to me, in terms of security.

It's useful for cases where you want to add shortcuts to hosts as a user
or do interesting ssh port forwarding tricks in some weird cases where
you must connect to localhost:port as remotehost:port due to
client/server protocol bugs.

This patch appears to only support ~/.hosts for non-suid binaries which
is the only real security issue. Any admin relying on host to IP
mapping for security for ordinary users is an idiot so that case isn't
worth worrying about. Doing this as a separate nss module probably
makes sense, but I personally like the feature.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

Attachment: pgpeRm1AvxjVw.pgp
Description: PGP signature

Follow-Ups:
- Re: ~/.hosts patch
  - From: Garance A Drosihn
- Re: ~/.hosts patch
  - From: Poul-Henning Kamp
- Re: ~/.hosts patch
  - From: Mike Jakubik
- Re: ~/.hosts patch
  - From: Hajimu UMEMOTO

References:
- ~/.hosts patch
  - From: Justin Hibbits
- Re: ~/.hosts patch
  - From: Mike Jakubik

Prev by Date: Re: ~/.hosts patch
Next by Date: Re: ~/.hosts patch
Previous by thread: Re: ~/.hosts patch
Next by thread: Re: ~/.hosts patch
Index(es):
- Date
- Thread

Relevant Pages

Re: ~/.hosts patch
... One suggestion that was made was to make it an nss module so that it could be controlled by the admin. ... Seems like a bad idea to me, in terms of security. ... It's useful for cases where you want to add shortcuts to hosts as a user ...
(freebsd-current)
Re: 0x80072EE7
... Point the DNS Resolution to 4.2.2.2 ... Is the Windows firewall sufficient to replace Norton AV and Counterspy? ... I have Norton Antivirus and Online Security. ... When I looked in the Hosts file as suggested in one resolution, ...
(microsoft.public.windowsupdate)
Re: 0x80072EE7
... Is the Windows firewall sufficient to replace Norton AV and Counterspy? ... I have Norton Antivirus and Online Security. ... When I looked in the Hosts file as suggested in one resolution, ... could just be a suggestion for a possible explanation for the problem ...
(microsoft.public.windowsupdate)
Re: Create restricted user account, 2003 server AD domain
... I originally created the security group 'def' as a domain local group. ... Note that user 'abc' is NOT listed as a member of the domain local group ... I verified this on both the domain server and the XP hosts ...
(microsoft.public.windows.server.security)
Re: 0x80072EE7
... this problem with updating Microsoft. ... I have Norton Antivirus and Online Security. ... When I looked in the Hosts file as suggested in one resolution, ... could just be a suggestion for a possible explanation for the problem ...
(microsoft.public.windowsupdate)