From owner-freebsd-current@FreeBSD.ORG Wed Jun 21 06:31:40 2006
Date: Wed, 21 Jun 2006 08:31:36 +0200 (CEST)
From: Harti Brandt <Hartmut.Brandt@dlr.de>
To: Xin LI
Cc: Mike Jakubik, freebsd-current@freebsd.org, Justin Hibbits
Subject: Re: ~/.hosts patch
In-Reply-To: <1150870137.78122.14.camel@spirit>
Message-ID: <20060621082734.Q24109@beagle.kn.op.dlr.de>
References: <4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu> <4498DF20.8020803@rogers.com> <1150870137.78122.14.camel@spirit>
List-Id: Discussions about the use of FreeBSD-current
On Wed, 21 Jun 2006, Xin LI wrote:

XL> On 2006-06-21 01:54 -0400, Mike Jakubik wrote:
XL>> [snip]
XL>> > It's useful for cases where you want to add shortcuts to hosts as a user
XL>> > or do interesting ssh port forwarding tricks in some weird cases where
XL>> > you must connect to localhost:port as remotehost:port due to
XL>> > client/server protocol bugs.
XL>> >
XL>> > This patch appears to only support ~/.hosts for non-suid binaries which
XL>> > is the only real security issue. Any admin relying on host to IP
XL>> > mapping for security for ordinary users is an idiot so that case isn't
XL>> > worth worrying about. Doing this as a separate nss module probably
XL>> > makes sense, but I personally like the feature.
XL>>
XL>> Of course relying on /etc/hosts entries for security alone is indeed not
XL>> a good idea, however an admin may choose to resolve and therefore route
XL>> specified hostnames via /etc/hosts. The user should not be able to
XL>> overwrite these; if this behavior is true, then it seems like a
XL>> reasonable change to me, otherwise it not only seems to be a security
XL>> problem, but also a breach of POLA.
XL>
XL>I think this would be better implemented with a nss module so that the
XL>administrator can choose whether to utilize the feature.
XL>
XL>BTW. I do not see much problem if the feature is not enabled for setuid
XL>binaries because if the user already knows some secret (run under his or
XL>her own credential), nor can the user trick others to utilize the
XL>~/.hosts if the program is a setuid binary. What's your concern about
XL>the "security problem", or could you please point how can we
XL>successfully exploit the ~/.hosts to get privilege escalation and/or
XL>information disclosure or something else, which could not happen without
XL>~/.hosts?
Wouldn't this enable the same kind of phishing attacks there are under
windows? As far as I remember there are attacks where the hosts file
(don't remember how it's called under windows) is rewritten by a virus/java
script/whatever to contain a different IP address for a given hostname?
Suppose someone fakes the website of www.foobank.com, then manages to
insert www.foobank.com with the wrong IP address into ~/.hosts?

harti
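The two risks raised in this message and the quoted ones, a ~/.hosts entry overriding an administrator's /etc/hosts mapping and a ~/.hosts entry redirecting a name such as www.foobank.com, as an added audit example that is not part of the thread or of the patch under discussion. `SYSTEM_HOSTS` and `USER_HOSTS` are constructed samples standing in for /etc/hosts and ~/.hosts; loopback shortcuts of the ssh port-forwarding kind are deliberately left unreported.

```python
# Added audit example, not code from the thread or the ~/.hosts patch.
import ipaddress

def parse_hosts(text):
    """Map lowercase hostname -> set of addresses from hosts(5)-style text.
    Handles comments, blank lines, aliases, IPv4/IPv6; skips non-address lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: not a hosts(5) entry
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(addr)
    return table

def audit_user_hosts(system_text, user_text):
    """Return (kind, name, address) findings for a per-user hosts file.
    'shadow':   a name the system file defines, mapped to another address
    'redirect': a name the system file lacks, mapped to a non-loopback address
    Loopback shortcuts (the ssh port-forwarding use) are not reported."""
    system = parse_hosts(system_text)
    findings = []
    for name, addrs in sorted(parse_hosts(user_text).items()):
        for addr in sorted(addrs):
            if name in system and addr not in system[name]:
                findings.append(("shadow", name, addr))
            elif name not in system and not ipaddress.ip_address(addr).is_loopback:
                findings.append(("redirect", name, addr))
    return findings

# Constructed sample files standing in for /etc/hosts and ~/.hosts.
SYSTEM_HOSTS = """\
127.0.0.1    localhost
::1          localhost
10.1.2.3     intranet.example.org intranet   # admin routes this via /etc/hosts
"""
USER_HOSTS = """\
127.0.0.1    remotehost             # ssh port-forwarding shortcut: fine
192.0.2.99   intranet.example.org   # overrides the administrator's entry
198.51.100.7 www.foobank.com        # the redirect described in the message
"""

if __name__ == "__main__":
    for kind, name, addr in audit_user_hosts(SYSTEM_HOSTS, USER_HOSTS):
        print(f"{kind:8} {name} -> {addr}")
```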