Re: ~/.hosts patch

From: Brooks Davis <brooks_at_one-eyed-alien.net>
Date: Tue, 20 Jun 2006 22:30:08 -0700

On Wed, Jun 21, 2006 at 12:54:32AM -0400, Mike Jakubik wrote:
> Justin Hibbits wrote:
> >Hey folks, got an interesting patch.  This adds a ~/.hosts file 
> >(personal version of /etc/hosts).  It was written against 6-STABLE 
> >about a week before 6.1 was released, and has been sitting collecting 
> >dust for the last month and a half.  Currently it augments /etc/hosts 
> >instead of replacing it or prepending it.  Any comments?  One 
> >suggestion that was made was to make it an nss module so that it could 
> >be controlled by the admin.  It probably could use some cleanup as 
> >well, just putting it out here for proof of concept for now, and some 
> >direction.
> 
> Just what exactly is the point of having a user specified hosts file? 
> Seems like a bad idea to me, in terms of security.

It's useful for cases where you want to add shortcuts to hosts as a user
or do interesting ssh port forwarding tricks in some weird cases where
you must connect to localhost:port as remotehost:port due to
client/server protocol bugs.

This patch appears to only support ~/.hosts for non-suid binaries which
is the only real security issue.  Any admin relying on host to IP
mapping for security for ordinary users is an idiot so that case isn't
worth worrying about.  Doing this as a separate nss module probably
makes sense, but I personally like the feature.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

Received on Wed Jun 21 2006 - 03:30:10 UTC
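
The behaviour discussed in the message above, as an added example that is not code from the patch or from anyone in the thread: the per-user file only augments the system file, and it is ignored when the process runs set-uid or set-gid. The function names, the sample file contents and the use of a real/effective id comparison as the set-uid test are assumptions; the patch's own test is not shown on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
/* Constructed sample files, not taken from the patch. */
static const char SYS_HOSTS[]  = "127.0.0.1 localhost\n192.0.2.10 build # CI box\n";
static const char USER_HOSTS[] = "# personal shortcuts\n127.0.0.1 Tunnel build\n";
/* Assumed gate: skip the per-user file when running set-uid or set-gid. */
static int user_hosts_allowed(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid) {
    return ruid == euid && rgid == egid;
}

/* Case-insensitive match of an n-byte token against a host name. */
static int tok_eq(const char *tok, size_t n, const char *name) {
    size_t i = 0;
    while (i < n && name[i] &&
           tolower((unsigned char)tok[i]) == tolower((unsigned char)name[i])) i++;
    return i == n && name[i] == '\0';
}

/* Search hosts-format text ("addr name [alias...]", '#' starts a comment).
 * Copies the matching address into out; returns 1 on a hit, else 0. */
static int hosts_lookup(const char *text, const char *name, char *out, size_t outlen) {
    while (*text) {
        const char *end = text + strcspn(text, "#\n");   /* end of usable part */
        const char *addr = text + strspn(text, " \t");
        size_t alen = addr < end ? strcspn(addr, " \t#\n") : 0;
        for (const char *p = addr + alen; alen && p < end; ) {
            p += strspn(p, " \t");
            size_t n = strcspn(p, " \t#\n");
            if (n && tok_eq(p, n, name)) {
                snprintf(out, outlen, "%.*s", (int)alen, addr);
                return 1;
            }
            p += n;
        }
        text = end + strcspn(end, "\n");                 /* drop comment tail */
        if (*text == '\n') text++;
    }
    return 0;
}

/* System file first; the per-user file only augments it, and only if allowed. */
static int resolve(const char *name, uid_t ruid, uid_t euid, gid_t rgid,
                   gid_t egid, char *out, size_t outlen) {
    if (hosts_lookup(SYS_HOSTS, name, out, outlen)) return 1;
    if (!user_hosts_allowed(ruid, euid, rgid, egid)) return 0;
    return hosts_lookup(USER_HOSTS, name, out, outlen);
}
```

Because the system file is consulted first, the constructed `build` entry in the per-user file cannot shadow the system entry; a "prepend" or "replace" design would change that ordering and with it what a user can redirect for their own processes.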
