Re: ~/.hosts patch

From: Xin LI <delphij_at_delphij.net>
Date: Wed, 21 Jun 2006 14:08:57 +0800
在 2006-06-21三的 01:54 -0400,Mike Jakubik写道:
> [snip]
> > It's useful for cases where you want to add shortcuts to hosts as a user
> > or do interesting ssh port forwarding tricks in some weird cases where
> > you must connect to localhost:port as remotehost:port due to
> > client/server protocol bugs.
> >
> > This patch appears to only support ~/.hosts for non-suid binaries which
> > is the only real security issue.  Any admin relying on host to IP
> > mapping for security for ordinary users is an idiot so that case isn't
> > worth worrying about.  Doing this as a separate nss module probably
> > makes sense, but I personally like the feature.
>
> Of course relying on /etc/hosts entries for security alone is indeed not 
> a good idea, however an Admin may choose to resolve and therefore route 
> specified hostnames via /etc/hosts. The user should not be able to 
> overwrite these, if this behavior is true, then it seems like a 
> reasonable change to me, otherwise it not only seems to be a security 
> problem, but also a breach of POLA.

I think this would be better implemented with a nss module so that the
administrator can choose whether to utilize the feature.

BTW. I do not see much problem if the feature is not enabled for setuid
binaries because if the user already knows some secret (run under his or
her own credential), nor can the user trick others to utilize the
~/.hosts if the program is a setuid binary.  What's your concern about
the "security problem", or could you please point how can we
successfully exploit the ~/.hosts to get privilege escalation and/or
information disclosure or something else, which could not happen without
~/.hosts?

Cheers,
-- 
Xin LI <delphij delphij net>    http://www.delphij.net/

Received on Wed Jun 21 2006 - 04:09:16 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:57 UTC