From: Xin LI
To: Mike Jakubik
Cc: Justin Hibbits, freebsd-current@freebsd.org
Subject: Re: ~/.hosts patch
Date: Wed, 21 Jun 2006 14:08:57 +0800
Organization: The FreeBSD Project
Message-Id: <1150870137.78122.14.camel@spirit>
In-Reply-To: <4498DF20.8020803@rogers.com>
References: <4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu> <4498DF20.8020803@rogers.com>
List-Id: Discussions about the use of FreeBSD-current

On Wed, 2006-06-21 at 01:54 -0400, Mike Jakubik wrote:
> [snip]
> > It's useful for cases where you want to add shortcuts to hosts as a user
> > or do interesting ssh port forwarding tricks in some weird cases where
> > you must connect to localhost:port as remotehost:port due to
> > client/server protocol bugs.
> >
> > This patch appears to only support ~/.hosts for non-suid binaries which
> > is the only real security issue. Any admin relying on host to IP
> > mapping for security for ordinary users is an idiot so that case isn't
> > worth worrying about. Doing this as a separate nss module probably
> > makes sense, but I personally like the feature.
>
> Of course relying on /etc/hosts entries for security alone is indeed not
> a good idea, however an Admin may choose to resolve and therefore route
> specified hostnames via /etc/hosts. The user should not be able to
> overwrite these, if this behavior is true, then it seems like a
> reasonable change to me, otherwise it not only seems to be a security
> problem, but also a breach of POLA.

I think this would be better implemented with an nss module so that the
administrator can choose whether to utilize the feature.

BTW, I do not see much problem if the feature is not enabled for setuid
binaries because if the user already knows some secret (run under his or
her own credential), nor can the user trick others to utilize the
~/.hosts if the program is a setuid binary. What's your concern about
the "security problem", or could you please point out how we can
successfully exploit the ~/.hosts to get privilege escalation and/or
information disclosure or something else, which could not happen without
~/.hosts?

Cheers,
--
Xin LI http://www.delphij.net/