Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection

To: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
Subject: Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection
From: David Holland <dholland-security%netbsd.org@localhost>
Date: Wed, 27 Apr 2011 22:32:18 +0000

On Tue, Apr 26, 2011 at 03:07:39PM -0500, Jeremy C. Reed wrote:
 > Unrelated to DHCP, should we consider making it so the hostname(1) tool, 
 > sethostname(3), and/or sysctl kern.hostname do not accept junk?

Yes, IMO.

I would say that anything that isn't allowed in a DNS name shouldn't
be allowed in a hostname; however, the internationalized domain names
stuff makes this messy.

-- 
David A. Holland
dholland%netbsd.org@localhost

References:
- Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection
  - From: Jeremy C. Reed

Prev by Date: Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection
Next by Date: Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection
Previous by Thread: Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection
Next by Thread: Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection
Indexes:

Home | Main Index | Thread Index | Old Index