At 10:30 PM -0700 6/20/06, Brooks Davis wrote: > >It's useful for cases where you want to add shortcuts >to hosts as a user or do interesting ssh port forwarding >tricks in some weird cases where you must connect to >localhost:port as remotehost:port due to client/server >protocol bugs. As far as interesting tricks for ssh, you should already be able to do that with ~/.ssh/config. Note ~/.hosts would only redirect the hostnames, and not ports. I use ~/.ssh/config so that a plain '_at_host' request actually goes to '_at_host:alternate-port', so-to-speak. >This patch appears to only support ~/.hosts for non-suid >binaries which is the only real security issue. Any admin >relying on host to IP mapping for security for ordinary >users is an idiot so that case isn't worth worrying about. >Doing this as a separate nss module probably makes sense, >but I personally like the feature. I have a feeling ~/.hosts could open a few security issues, but obviously I am already using ~/.ssh/config to do about the same thing on a smaller scale. I'm not sure I could say what the difference is. I also wonder if this would trigger some debugging-issues, when some user has long since forgotten some alias they put in ~/.hosts, and then some new service does not work, and they file a trouble-ticket with whoever is providing that service. I have certainly seen that happen with LMHOSTS files under Windows, and my job responsibilities don't even include doing support for Windows. Let's say I write some program which I let other users run. It's just a plain executable. It isn't setuid or setgid, because it doesn't reference any files on the local system. That program could reference some external hostname, and feel that is reasonably safe to do (*). But with this feature any user could redirect that host. I have not looked at the patch in detail, but it seems to me that it would be prudent if ~/.hosts was NOT searched for any fully-qualified hostnames (ones with a trailing period). I also assume this won't work well for incoming connections (such as incoming ssh connections), since the hostname is checked before sshd figures out where '~' is. That isn't a problem, of course, just as long as people don't expect it to work for that. I don't have a strong objection to the feature, but I do think we should consider it carefully, and make sure we consider some of the unusual cases. I'm just trying to come up with a few examples of those oddball cases here. (* - reasonable, because the person providing the program is also the sysadmin, and thus is *already* taking other measures to protect DNS from poisoning, etc). -- Garance Alistair Drosehn = gad_at_gilead.netel.rpi.edu Senior Systems Programmer or gad_at_freebsd.org Rensselaer Polytechnic Institute or drosih_at_rpi.eduReceived on Wed Jun 21 2006 - 22:09:58 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:57 UTC