Date: Wed, 21 Jun 2006 08:31:36 +0200 (CEST) From: Harti Brandt <hartmut.brandt@dlr.de> To: Xin LI <delphij@delphij.net> Cc: Mike Jakubik <mikej@rogers.com>, freebsd-current@freebsd.org, Justin Hibbits <jrh29@eecs.cwru.edu> Subject: Re: ~/.hosts patch Message-ID: <20060621082734.Q24109@beagle.kn.op.dlr.de> In-Reply-To: <1150870137.78122.14.camel@spirit> References: <C41481BC-89F3-457E-9FD0-CB85CE7B93E7@eecs.cwru.edu> <4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu> <4498DF20.8020803@rogers.com> <1150870137.78122.14.camel@spirit>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-933231558-1150871496=:24109 Content-Type: TEXT/PLAIN; charset=koi8-r Content-Transfer-Encoding: QUOTED-PRINTABLE On Wed, 21 Jun 2006, Xin LI wrote: XL>=FF=FF 2006-06-21=FF=FF=FF=FF 01:54 -0400=FF=FFMike Jakubik=FF=FF=FF=FF= =FF=FF XL>> [snip] XL>> > It's useful for cases where you want to add shortcuts to hosts as a = user XL>> > or do interesting ssh port forwarding tricks in some weird cases whe= re XL>> > you must connect to localhost:port as remotehost:port due to XL>> > client/server protocol bugs. XL>> > XL>> > This patch appears to only support ~/.hosts for non-suid binaries wh= ich XL>> > is the only real security issue. Any admin relying on host to IP XL>> > mapping for security for ordinary users is an idiot so that case isn= 't XL>> > worth worrying about. Doing this as a separate nss module probably XL>> > makes sense, but I personally like the feature. XL>> XL>> Of course relying on /etc/hosts entries for security alone is indeed n= ot=20 XL>> a good idea, however an Admin may choose to resolve and therefore rout= e=20 XL>> specified hostnames via /etc/hosts. The user should not be able to=20 XL>> overwrite these, if this behavior is true, then it seems like a=20 XL>> reasonable change to me, otherwise it not only seems to be a security= =20 XL>> problem, but also a breach of POLA. XL> XL>I think this would be better implemented with a nss module so that the XL>administrator can choose whether to utilize the feature. XL> XL>BTW. I do not see much problem if the feature is not enabled for setuid XL>binaries because if the user already knows some secret (run under his or XL>her own credential), nor can the user trick others to utilize the XL>~/.hosts if the program is a setuid binary. What's your concern about XL>the "security problem", or could you please point how can we XL>successfully exploit the ~/.hosts to get privilege escalation and/or XL>information disclosure or something else, which could not happen without XL>~/.hosts? Wouldn't this enable the same kind of phishing attacks there are under=20 windows? As far as I remember there are attacks where the hosts file=20 (don't remember how its called under windows) is rewriten by a virus/java= =20 script/whatever to contain a different IP address for a given hostname?=20 Suppose someone fakes the website of www.foobank.com, then manages to=20 insert www.foobank.com with the wrong IP address into ~/.hosts? harti --0-933231558-1150871496=:24109--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060621082734.Q24109>