tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection

On Tue, Apr 26, 2011 at 03:07:39PM -0500, Jeremy C. Reed wrote:
 > Unrelated to DHCP, should we consider making it so the hostname(1) tool, 
 > sethostname(3), and/or sysctl kern.hostname do not accept junk?

Yes, IMO.

I would say that anything that isn't allowed in a DNS name shouldn't
be allowed in a hostname; however, the internationalized domain names
stuff makes this messy.

David A. Holland

Home | Main Index | Thread Index | Old Index