Re: ~/.hosts patch



On Wed, 2006-06-21 at 01:54 -0400, Mike Jakubik wrote:
[snip]
It's useful for cases where you want to add shortcuts to hosts as a user
or do interesting ssh port forwarding tricks in some weird cases where
you must connect to localhost:port as remotehost:port due to
client/server protocol bugs.

This patch appears to only support ~/.hosts for non-suid binaries which
is the only real security issue. Any admin relying on host to IP
mapping for security for ordinary users is an idiot so that case isn't
worth worrying about. Doing this as a separate nss module probably
makes sense, but I personally like the feature.

Of course relying on /etc/hosts entries for security alone is indeed not
a good idea, however an Admin may choose to resolve and therefore route
specified hostnames via /etc/hosts. The user should not be able to
overwrite these. If this behavior is true, then it seems like a
reasonable change to me, otherwise it not only seems to be a security
problem, but also a breach of POLA.

I think this would be better implemented with an nss module so that the
administrator can choose whether to utilize the feature.

BTW. I do not see much problem if the feature is not enabled for setuid
binaries because if the user already knows some secret (run under his or
her own credential), nor can the user trick others to utilize the
~/.hosts if the program is a setuid binary. What's your concern about
the "security problem", or could you please point out how we can
successfully exploit the ~/.hosts to get privilege escalation and/or
information disclosure or something else, which could not happen without
~/.hosts?

Cheers,
--
Xin LI <delphij delphij net> http://www.delphij.net/
