Date: Wed, 26 Mar 2003 01:05:06 -0600 From: David J Duchscher <daved@nostrum.com> To: Mark.Andrews@isc.org Cc: Terry Lambert <tlambert2@mindspring.com> Subject: Re: Resolver Issues (non valid hostname characters) Message-ID: <460D1DA6-5F59-11D7-BFC4-0003930B3DA4@nostrum.com> In-Reply-To: <200303260523.h2Q5NFpE029121@drugs.dv.isc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, March 25, 2003, at 11:23 PM, Mark.Andrews@isc.org wrote: > >> On Tuesday, March 25, 2003, at 09:53 PM, Mark.Andrews@isc.org wrote: >> >>> The current implementation fits this. It handles (accepts) >>> garbage in and only returns (generates) clean respones to >>> the application. >>> >> >> Which I would say it not the intention of what being 'generous on what >> you accept' to mean. IMHO, the maxim is to stop exactly what is >> happening. We are being restrictive on what we return to the >> application so things are breaking. I can't change the remote end so >> communication does not flow. From my perspective, you advocating >> being restrict on what you will accept and what you will send. > > This is a security matter. Sendmail was compromised due to > lack of checking the results returned by gethostbyaddr(). > > get*by*() and get*info() enforce RFC 952 so that every > application written doesn't have to validate the results > returned. Allowing underscore (or IHN) is a API change > and will potentially break applications that correctly > depend upon get*by*() and get*info() filtering out the > garbage. > > If you want to be liberal in what you accept bypass > get*by*() and get*info() and call the resolver directly. Let me see, this is a matter of national security so we can't talk about it. This is very much a straw man argument when it comes to underscore. Bypassing the resolver is also not an option that most users have available to them. This argument also implies that all the other OS mentioned have a security problem because they don't do this type of checking. Not knocking security worries, and of course it should be considered, but from my perspective, this doesn't hold much water. >>> If the resolver died receiving underscore you would something >>> to complain about. Currently it just filters out ALL illegal >>> responses. >> >> I can't talk to some hosts on the internet because FreeBSD will not >> resolve the host name which over 99% of the host on the Internet will. >> I guess that just doesn't matter. > > If the name contains a underscore it is not a hostname by > definition. Nothing stops you talking to the DNS directly > and entering IP literals. CNAME virtual hosts. I have mailed the patch to PR/50299 that makes it an optional behavior. You can also find it here: http://magus.nostrum.com/~daved/resolver_patch.txt I think we have pretty much beat this to death. If the FreeBSD project thinks the latest patch is a useful addition, great. FYI, I will be glad to tune the patch as people see fit. It currently is against the 4 branch but I not going to spend the time if its not going to committed. DaveD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?460D1DA6-5F59-11D7-BFC4-0003930B3DA4>