Re: libresolv+ bug

[zblaxell () myrus com (Zygo Blaxell)]

In article <199608190902.FAA32500 () matisse its rpi edu>,
Steve Czetty  <BUGTRAQ () NETSPACE ORG> wrote:
> > In response to the libresolv+ hole ...  I'm sure there's a better/more
> > encompassing/cleaner method of fixing it, but here's my patch for ping (I
>
> Yes..  I (once again) patched my libc to ignore the environment variable
> altogether..  Why do we need to have the ability to specify an
> /etc/host.conf other than /etc/host.conf???

You need to be able to specify another /etc/host.conf when it's wrong,
when /etc/host.conf itself is a security problem, when it's misconfigured,
when the servers listed therein are down, when you're testing changes
to /etc/host.conf, and when the sysadmin is vacationing on a continent
with poor cellular phone connectivity.

My question is: why are setuid programs doing really stupid things with
the contents of this file?  Given that DNS is as insecure or even more
insecure than anything else that comes into a host from its network
interface, why shouldn't the DNS access library be generally paranoid?

One good trick would be to have the library produce minimal diagnostics
when the binary is setuid (e.g. "parse error" instead of
"parse error:  what_could_not_be_parsed").
--
Zygo Blaxell. Unix/soft/hardware guru, was for U of Waterloo CS Club, now for
(name withheld by request). 10th place, ACM Intl Collegiate Programming Contest
Finals, 1994.  Admin Linux/TCP/IP for food, clothing, anime.  Pager: 1 (613)
760 8572.  "I gave up $1000 to avoid working on windoze... *sigh*" - Amy Fong