Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 04 Feb 2018 22:28:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 225668] tcsh: reads /etc/hosts and calls name resolution erroneously to find REMOTEHOST
Message-ID:  <bug-225668-8-WHtXFtNE9F@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-225668-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-225668-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225668

Jilles Tjoelker <jilles@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
            Summary|'su' command reads          |tcsh: reads /etc/hosts and
                   |/etc/hosts and calls name   |calls name resolution
                   |resolution erroneously      |erroneously to find
                   |                            |REMOTEHOST
                 CC|                            |jilles@FreeBSD.org

--- Comment #1 from Jilles Tjoelker <jilles@FreeBSD.org> ---
Using ktrace -i on a su command, I found that it is not su, but csh that does
these strange DNS requests. The code tries to set the REMOTEHOST environment
variable and is in contrib/tcsh/tc.func.c getremotehost().

This exact problem is called out in a comment:

            /*
             * There is conflict with IPv6 address and X DISPLAY.  So,
             * we assume there is no IPv6 address in utmp and don't
             * touch here.
             */

However, the assumption is wrong. There can be IPv6 addresses in utmp(x).

A simple fix would be to use inet_pton() or getaddrinfo() with AI_NUMERICHOST
to check for an IPv6 (or also IPv4) address, and to skip the X DISPLAY handling
in that case.

This fix should be submitted to the upstream tcsh project first.

However, perhaps we want to eliminate more obsolete code here. The name of the
remote host is rather less important now for shell startup files than it used
to be when the code was written (such as to deal with terminal settings). It
may be sufficient to extract a hostname from the utmp host without touching DNS
at all.

Fortunately, there is a 2 second timeout on finding the remote hostname, so it
will not prevent you from logging in.

The "leaked" information is just the top 16 bits of the IPv6 address together
with the local DNS domain; perhaps the most important part is that you su'ed at
that time.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225668-8-WHtXFtNE9F>