From: Brooks Davis
To: Mike Jakubik
Cc: Justin Hibbits, freebsd-current@freebsd.org
Date: Tue, 20 Jun 2006 22:30:08 -0700
Subject: Re: ~/.hosts patch
Message-ID: <20060621053007.GA3320@odin.ac.hmc.edu>
In-Reply-To: <4498D108.90907@rogers.com>

On Wed, Jun 21, 2006 at 12:54:32AM -0400, Mike Jakubik wrote:
> Justin Hibbits wrote:
> >Hey folks, got an interesting patch. This adds a ~/.hosts file
> >(personal version of /etc/hosts). It was written against 6-STABLE
> >about a week before 6.1 was released, and has been sitting collecting
> >dust for the last month and a half. Currently it augments /etc/hosts
> >instead of replacing it or prepending it. Any comments? One
> >suggestion that was made was to make it an nss module so that it could
> >be controlled by the admin. It probably could use some cleanup as
> >well; just putting it out here for proof of concept for now, and some
> >direction.
>
> Just what exactly is the point of having a user-specified hosts file?
> Seems like a bad idea to me, in terms of security.

It's useful for cases where you want to add shortcuts to hosts as a user
or do interesting ssh port forwarding tricks in some weird cases where
you must connect to localhost:port as remotehost:port due to
client/server protocol bugs.

This patch appears to only support ~/.hosts for non-suid binaries, which
is the only real security issue. Any admin relying on host-to-IP mapping
for security for ordinary users is an idiot, so that case isn't worth
worrying about.

Doing this as a separate nss module probably makes sense, but I
personally like the feature.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
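The two design points raised in this thread, that a per-user hosts file must be ignored by set-uid binaries and that it augments rather than replaces /etc/hosts, can be illustrated with a small stand-alone program. This is an added example, not Justin Hibbits' patch or any FreeBSD libc code; the function names, the `tainted` flag threaded through for testability, and the sample file contents are all constructed for this illustration. On FreeBSD the right primitive is issetugid(2); the portable fallback below only compares real and effective ids, which is weaker because it cannot see earlier privilege drops.

```c
/* Added example (not the patch from the thread): how a resolver-style
 * lookup might decide whether to honour a per-user ~/.hosts file and how
 * such a file would augment, not replace, the system /etc/hosts mapping.
 * Function names and the sample file bodies are constructed for this example. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#if defined(__FreeBSD__) || defined(__APPLE__)
/* issetugid(2) reports whether the process has ever run with set-uid or
 * set-gid credentials; this is the check a real implementation should use. */
static int tainted_credentials(void) { return issetugid(); }
#else
/* Portable approximation for systems without issetugid(2). */
static int tainted_credentials(void) {
    return getuid() != geteuid() || getgid() != getegid();
}
#endif

/* Fills buf with "$HOME/.hosts" and returns 1 when the per-user file may be
 * consulted; returns 0 for tainted (set-uid) processes, an unset or relative
 * HOME, or a path that does not fit. The flag is a parameter so the policy
 * can be exercised without actually running set-uid. */
int personal_hosts_path(int tainted, const char *home, char *buf, size_t len) {
    if (tainted || home == NULL || home[0] != '/')
        return 0;
    if (snprintf(buf, len, "%s/.hosts", home) >= (int)len)
        return 0;
    return 1;
}

/* Searches one hosts-file body for 'name'. Each line is "addr name [alias...]"
 * and '#' starts a comment. Copies the address into out and returns 1 on a hit. */
static int lookup_in(const char *body, const char *name, char *out, size_t len) {
    char line[256];
    const char *p = body;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t n = nl ? (size_t)(nl - p) : strlen(p);
        if (n >= sizeof line) n = sizeof line - 1;
        memcpy(line, p, n);
        line[n] = '\0';
        p += n + (nl ? 1 : 0);
        char *hash = strchr(line, '#');
        if (hash) *hash = '\0';
        char *save = NULL;
        char *addr = strtok_r(line, " \t", &save);
        if (!addr) continue;            /* blank or comment-only line */
        for (char *tok; (tok = strtok_r(NULL, " \t", &save)) != NULL; ) {
            if (strcmp(tok, name) == 0) {
                snprintf(out, len, "%s", addr);
                return 1;
            }
        }
    }
    return 0;
}

/* The system file is consulted first and ~/.hosts only fills in names it
 * lacks, so a user cannot shadow an entry the admin placed in /etc/hosts.
 * The personal file is skipped entirely for tainted processes. */
int resolve_host(int tainted, const char *system_hosts, const char *personal_hosts,
                 const char *name, char *out, size_t len) {
    if (lookup_in(system_hosts, name, out, len))
        return 1;
    if (!tainted && personal_hosts && lookup_in(personal_hosts, name, out, len))
        return 1;
    return 0;
}

/* Constructed sample bodies standing in for /etc/hosts and ~/.hosts. */
const char *SAMPLE_SYSTEM_HOSTS = "127.0.0.1 localhost\n192.0.2.10 fileserver # example\n";
const char *SAMPLE_PERSONAL_HOSTS = "# user shortcuts\n127.0.0.1 fileserver\n198.51.100.7 devbox\n";

/* Returns 1 when resolving 'name' against the samples yields 'expected'
 * (pass NULL to expect no match). */
int sample_resolves_to(int tainted, const char *name, const char *expected) {
    char addr[64];
    if (!resolve_host(tainted, SAMPLE_SYSTEM_HOSTS, SAMPLE_PERSONAL_HOSTS, name, addr, sizeof addr))
        return expected == NULL;
    return expected != NULL && strcmp(addr, expected) == 0;
}

int main(void) {
    char addr[64], path[512];
    int tainted = tainted_credentials();
    if (personal_hosts_path(tainted, getenv("HOME"), path, sizeof path))
        printf("would consult %s\n", path);
    else
        printf("per-user hosts file ignored\n");
    const char *names[] = {"localhost", "fileserver", "devbox", "nowhere"};
    for (size_t i = 0; i < 4; i++) {
        if (resolve_host(tainted, SAMPLE_SYSTEM_HOSTS, SAMPLE_PERSONAL_HOSTS, names[i], addr, sizeof addr))
            printf("%s -> %s\n", names[i], addr);
        else
            printf("%s -> not found\n", names[i]);
    }
    return 0;
}
```

Run as an ordinary user, the program reports the path it would consult and resolves "fileserver" to the system address even though the personal file tries to point it at 127.0.0.1; "devbox" comes from the personal file only. Run under set-uid credentials (or with `tainted` forced to 1), "devbox" becomes unresolvable, which is the behaviour Brooks notes makes the patch acceptable.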