This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



Re: getaddrinfo with PF_UNSPEC and /etc/hosts


On Fri, Nov 23, 2001 at 09:36:21AM -0800, Ulrich Drepper wrote:
> Ben Collins <bcollins@debian.org> writes:
> 
> > Which is why I said it was a hack, a workaround. It does have to do with
> > security. If you try to connect to "www.sun.com", and the DNS for a
> > domain in your search is hacked,
> 
> If your search is hacked anything can happen.  That's no argument.
> Again, there is no additional risk.
> 
> If you want to see the problem fixed get started on a real solution.
> If you'd devote as much time on it as you do promoting hacks you could
> be done fairly soon.

I don't think that keeping a 10 month old patch around is promoting
anything. It is a workaround. You already know I'm planning on helping
with the rewrite. I only posted the patch so others could use it if they
felt the need.

And you're wrong, there is added risk. If you use an FQDN, you expect it
to get resolved, and not searched based on the domain suffixes. The
behavior of UNSPEC is different than that of IPv4 and IPv6 by
themselves, so there was added risk for this case.


Ben

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/                   Ben Collins    --    Debian GNU/Linux                  \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

