Date: Wed, 21 Jun 2006 17:51:19 +0800
From: Xin LI <delphij@delphij.net>
To: Harti Brandt <harti@freebsd.org>
Cc: Mike Jakubik <mikej@rogers.com>, freebsd-current@freebsd.org, Justin Hibbits <jrh29@eecs.cwru.edu>
Subject: Re: ~/.hosts patch
Message-ID: <1150883479.78122.20.camel@spirit>
In-Reply-To: <20060621082734.Q24109@beagle.kn.op.dlr.de>
References: <C41481BC-89F3-457E-9FD0-CB85CE7B93E7@eecs.cwru.edu> <4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu> <4498DF20.8020803@rogers.com> <1150870137.78122.14.camel@spirit> <20060621082734.Q24109@beagle.kn.op.dlr.de>
Hi, Harti,

On Wed, 2006-06-21 at 08:31 +0200, Harti Brandt wrote:
> On Wed, 21 Jun 2006, Xin LI wrote:
[snip]
> XL>successfully exploit the ~/.hosts to get privilege escalation and/or
> XL>information disclosure or something else, which could not happen without
> XL>~/.hosts?
>
> Wouldn't this enable the same kind of phishing attacks there are under
> Windows? As far as I remember there are attacks where the hosts file
> (don't remember how it's called under Windows) is rewritten by a virus/java
> script/whatever to contain a different IP address for a given hostname?
> Suppose someone fakes the website of www.foobank.com, then manages to
> insert www.foobank.com with the wrong IP address into ~/.hosts?

Well, if the user would not see a HTTPS certificate before entering his or her password, then it would be highly possible that the user would run under the "root" credential, where /etc/hosts can also be altered.

But instead of getting this into a bikeshed, let's see the way we are seeking to make it (to add the functionality as an NSS module). I think an NSS module would provide the functionality yet allow anyone to choose whether to enable or disable it :-)

Cheers,
--
Xin LI <delphij delphij net> http://www.delphij.net/
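The concern raised in the thread is that a user-writable hosts file can silently win over /etc/hosts for a hostname such as www.foobank.com, and that a lookup-order setting (the NSS module being enabled or not) decides who wins. The following Python script is an added example, not code from the thread or from FreeBSD: it parses two constructed hosts-file contents, reports per-user entries that shadow system entries or point a name at a non-loopback address, and shows how the source order changes what a lookup returns. The file contents, hostnames and addresses are all constructed samples.

```python
"""Audit a per-user hosts file against the system one (added example).

Assumes two constructed file contents embedded below; nothing is read
from the real filesystem.
"""
import ipaddress

# Constructed sample of a system /etc/hosts.
SYSTEM_HOSTS = """\
127.0.0.1   localhost
::1         localhost
192.0.2.10  intranet.example.test
"""

# Constructed sample of a per-user ~/.hosts with one shadowing entry
# and one entry that sends a bank hostname to an unexpected address.
USER_HOSTS = """\
127.0.0.1     devbox.local        # harmless local alias
198.51.100.7  www.foobank.com     # suspicious: public site redirected
10.0.0.5      intranet.example.test  # shadows the /etc/hosts entry
"""


def parse_hosts(text):
    """Return {hostname: set(addresses)} from hosts-file text.

    Comments and blank lines are skipped; a line whose first field is
    not a valid IP address is ignored rather than trusted.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(addr)
    return table


def audit_user_hosts(system_text, user_text):
    """Return a list of (hostname, reason) findings for the user file."""
    system = parse_hosts(system_text)
    user = parse_hosts(user_text)
    findings = []
    for name, addrs in sorted(user.items()):
        if name in system and addrs != system[name]:
            findings.append((name, "overrides the /etc/hosts entry"))
        if any(not a.is_loopback for a in addrs):
            findings.append((name, "maps to a non-loopback address"))
    return findings


def resolve(name, sources):
    """Return the address set from the first source that knows the name.

    The order of `sources` plays the role of the nsswitch lookup order:
    putting the user table first is what lets ~/.hosts win.
    """
    key = name.lower()
    for table in sources:
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    for host, reason in audit_user_hosts(SYSTEM_HOSTS, USER_HOSTS):
        print(f"{host}: {reason}")
    system, user = parse_hosts(SYSTEM_HOSTS), parse_hosts(USER_HOSTS)
    print("files first:", resolve("intranet.example.test", [system, user]))
    print("user first: ", resolve("intranet.example.test", [user, system]))
```

Flagging every non-loopback entry is deliberately noisy: a per-user file has few legitimate reasons to steer a public hostname anywhere, so reviewing those entries is cheaper than missing one.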