Subject: Question about HOSTALIASES changes
To: None <firstname.lastname@example.org>
From: Kazushi (Jam) Marukawa <email@example.com>
Date: 08/14/2000 00:09:00
I have a question about how to support HOSTALIASES.
I noticed about a change of libc's HOSTALIASES behavior.
Original code reads a file pointed by HOSTALIASES
environment variable, and use user defined host alias table
to lookup a correct host name whenever libc is looking up a
host name. Current code avoids this looking up if the
executing program has setuid bit. The change was made
between 1.27 and 1.28 of lib/libc/net/res_query.c.
cvs diff says:
-__RCSID("$NetBSD: res_query.c,v 1.27 2000/04/26 06:51:37 itojun Exp $");
+__RCSID("$NetBSD: res_query.c,v 1.28 2000/04/27 16:32:37 itojun Exp $");
- * XXX potential security problem if this file is not normally
- * readable by the user of a setuid program.
+ * forbid hostaliases for setuid binray, due to possible security
+ * breach.
+ if (issetugid())
+ return (NULL);
Now, I cannot use HOSTALIASES through ssh, ping, traceroute,
and any other programs which have setuid bit.
Original comment said this should check read permission of
HOSTALIASES file. However, this change just avoids all of
them. Is checking file permission following original
comment not enough for security?
I'd like to use HOSTALISES through such setuided programs if
it's possible. Is there any better solution for this?