From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/11293 Path: news.gmane.org!.POSTED!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: [PATCH] Add RES_OPTIONS support for resolv.conf options overriding Date: Tue, 25 Apr 2017 12:48:51 -0400 Message-ID: <20170425164851.GV17319@brightrain.aerifal.cx> References: <20170425022122.27281-1-stefan.sedich@gmail.com> <20170425023934.GT17319@brightrain.aerifal.cx> <20170425025043.GF27654@wopr> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: blaine.gmane.org 1493138945 3377 195.159.176.226 (25 Apr 2017 16:49:05 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Tue, 25 Apr 2017 16:49:05 +0000 (UTC) User-Agent: Mutt/1.5.21 (2010-09-15) To: musl@lists.openwall.com Original-X-From: musl-return-11308-gllmg-musl=m.gmane.org@lists.openwall.com Tue Apr 25 18:49:00 2017 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1d33e8-0000il-Dc for gllmg-musl@m.gmane.org; Tue, 25 Apr 2017 18:49:00 +0200 Original-Received: (qmail 9242 invoked by uid 550); 25 Apr 2017 16:49:04 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 9221 invoked from network); 25 Apr 2017 16:49:03 -0000 Content-Disposition: inline In-Reply-To: Original-Sender: Rich Felker Xref: news.gmane.org gmane.linux.lib.musl.general:11293 Archived-At: On Tue, Apr 25, 2017 at 04:30:58AM +0000, Stefan Sedich wrote: > Rich, > > I will make the change, but so I understand some more what would be the > implications of not ignoring it in this scenario? I understand why it is > bad in the case of the load paths for example but just want to understand > the issue in this context. Primarily it's just a general principle of safety. A few specific attacks I can think of here, though: 1. By manipulating ndots, you could cause a privileged process to lookup the wrong domain. 2. By controlling timeout and retries, you could widen the window for dns spoofing attacks. Neither of these should lead to privilege-elevation if proper authentication is used (dns alone is not sufficient to authenticate a server to a client without dnssec), but lots of stuff is not written to be safe... BTW, please reply inline/below on lists rather than top-posting. Rich > On Mon, Apr 24, 2017 at 7:50 PM Kurt H Maier wrote: > > > On Mon, Apr 24, 2017 at 10:39:34PM -0400, Rich Felker wrote: > > > > > > What I'd really like is a way for users to override nameserver and > > > search directives (so pretty much, all of resolv.conf) in a way that > > > doesn't need root; this would be really valuable for testing. But > > > sadly there's no precedent for an interface to do so. Maybe it's > > > something we could work on a unified solution to with other > > > implementations (glibc, bsds?). > > > > > > Rich > > > > FreeBSD and OpenBSD both currently support RES_OPTIONS (and LOCALDOMAIN > > for overriding the search directive) but I don't think they support > > overriding the nameserver directive. There's just the HOSTALIASES > > variable for pointing to a file full of 'alias hostname' pairs. > > > > khm > >