On Wed, Jun 21, 2006 at 12:54:32AM -0400, Mike Jakubik wrote:
> Justin Hibbits wrote:
> >Hey folks, got an interesting patch. This adds a ~/.hosts file
> >(personal version of /etc/hosts). It was written against 6-STABLE
> >about a week before 6.1 was released, and has been sitting collecting
> >dust for the last month and a half. Currently it augments /etc/hosts
> >instead of replacing it or prepending it. Any comments? One
> >suggestion that was made was to make it an nss module so that it could
> >be controlled by the admin. It probably could use some cleanup as
> >well, just putting it out here for proof of concept for now, and some
> >direction.
>
> Just what exactly is the point of having a user specified hosts file?
> Seems like a bad idea to me, in terms of security.

It's useful for cases where you want to add shortcuts to hosts as a user
or do interesting ssh port forwarding tricks in some weird cases where
you must connect to localhost:port as remotehost:port due to
client/server protocol bugs.

This patch appears to only support ~/.hosts for non-suid binaries, which
is the only real security issue. Any admin relying on host to IP mapping
for security for ordinary users is an idiot so that case isn't worth
worrying about.

Doing this as a separate nss module probably makes sense, but I
personally like the feature.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
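
The behaviour discussed in this message, as an added example that is not part of the original post or of the patch itself: a hosts-format lookup in which the per-user table only augments the system table and is ignored for set-id processes. The function names, the real/effective id comparison and the sample tables are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Set-id check (assumed form): real and effective ids differ. FreeBSD also has issetugid(2). */
static int process_is_setid(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Search hosts-format text ("addr name [alias ...]", '#' starts a comment)
 * for name; copy the address into out and return 1 on a match. */
static int hosts_lookup(const char *text, const char *name, char *out, size_t outlen) {
    char line[256];
    while (text && *text) {
        size_t n = strcspn(text, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, text, c);
        line[c] = '\0';
        text += n + (text[n] == '\n');        /* step past the newline, if any */
        line[strcspn(line, "#")] = '\0';      /* strip trailing comment */
        char *addr = strtok(line, " \t\r");   /* first field is the address */
        if (!addr) continue;                  /* blank or comment-only line */
        for (char *h = strtok(NULL, " \t\r"); h; h = strtok(NULL, " \t\r"))
            if (strcmp(h, name) == 0) {
                snprintf(out, outlen, "%s", addr);
                return 1;
            }
    }
    return 0;
}

/* System table first; the user table only augments it and is skipped when privileged. */
static int resolve(const char *name, const char *system_hosts, const char *user_hosts,
                   int privileged, char *out, size_t outlen) {
    if (hosts_lookup(system_hosts, name, out, outlen)) return 1;
    if (privileged) return 0;                 /* never trust ~/.hosts in a set-id process */
    return hosts_lookup(user_hosts, name, out, outlen);
}

/* Constructed sample tables, not taken from the patch. */
static const char SYSTEM_HOSTS[] = "127.0.0.1 localhost\n192.0.2.10 build.example.org build\n";
static const char USER_HOSTS[] = "# shortcuts\n127.0.0.1 remotehost # ssh -L\n198.51.100.7 build\n";

int main(void) {
    char addr[64];
    if (resolve("remotehost", SYSTEM_HOSTS, USER_HOSTS, process_is_setid(), addr, sizeof addr))
        printf("remotehost -> %s\n", addr);
    return 0;
}
```

Because the system table is consulted first, the user's entry for `build` never overrides the administrator's one; it can only add names the system table lacks.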