From owner-freebsd-current@FreeBSD.ORG  Wed Jun 21 08:07:20 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0DCC016A5B1
	for <freebsd-current@freebsd.org>; Wed, 21 Jun 2006 08:07:20 +0000 (UTC)
	(envelope-from lists@yazzy.org)
Received: from mx1.yazzy.org (mx1.yazzy.org [84.247.145.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8E4B443D49
	for <freebsd-current@freebsd.org>; Wed, 21 Jun 2006 08:07:19 +0000 (GMT)
	(envelope-from lists@yazzy.org)
Received: from mail.witelcom.com ([84.247.144.144] helo=marcin)
	by mx1.yazzy.org with esmtps (TLSv1:AES256-SHA:256)
	(YazzY.org) id 1FsxjA-0004e2-6B
	for freebsd-current@freebsd.org; Wed, 21 Jun 2006 10:06:20 +0200
Date: Wed, 21 Jun 2006 10:07:59 +0200
From: Marcin Jessa <lists@yazzy.org>
Cc: freebsd-current@freebsd.org
Message-ID: <20060621100759.2371115a@marcin>
In-Reply-To: <20060621073123.GA35319@what-creek.com>
References: <C41481BC-89F3-457E-9FD0-CB85CE7B93E7@eecs.cwru.edu>
	<4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu>
	<4498DF20.8020803@rogers.com> <1150870137.78122.14.camel@spirit>
	<20060621082734.Q24109@beagle.kn.op.dlr.de>
	<20060621063816.GA32889@what-creek.com>
	<20060621000250.A6468@xorpc.icir.org>
	<20060621070739.GB35132@what-creek.com>
	<20060621002036.A6576@xorpc.icir.org>
	<20060621073123.GA35319@what-creek.com>
Organization: YazzY.org
X-Mailer: Sylpheed-Claws 2.2.0 (GTK+ 2.8.12; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.5 (--)
Subject: Re: ~/.hosts patch
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jun 2006 08:07:20 -0000

On Wed, 21 Jun 2006 07:31:23 +0000
John Birrell <jb@what-creek.com> wrote:

> On Wed, Jun 21, 2006 at 12:20:36AM -0700, Luigi Rizzo wrote:
> > On Wed, Jun 21, 2006 at 07:07:39AM +0000, John Birrell wrote:
> > > The fact that a lot of innocent (naive) people don't use https
> > > and certificates?!
> > 
> > and so they would happily click on
> > 
> > 	<a href="http://www.666.org/gimmeyourmoney">Secure Link to
> > Your Bank</a>
> > 
> > so we are not opening much in terms of security holes...
> 
> You are making it worse because you open a new security hole:
> 
> <a href="https://www.paypal.com/">www.paypal.com</a>
> 
> does not take them to the _REAL_ www.paypal.com.
> 
> This is not an issue about phishing where:
> 
> <a href="http://some.dynamic.ip.addr/">www.paypal.com</a>
> 
> makes it look like the link takes them to PayPal when it really
> doesn't.
> 
> Most banks still don't use certificates even though they use HTTP.
> 
> We need to retain the integrity of a DNS lookup. If there are any work
> arounds required for poor DNS lookups, then let an administrator
> configure them!

Just add a global switch to enable/disable using of the ~/.hosts file
to i.e /etc/login.conf.
I personally find this feature very handy, especially on a desktop
with restricted access to the system. 

Marcin.