tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection

On Thu, Apr 28, 2011 at 10:12:11AM +0700, Robert Elz wrote:
> There is no reason to limit (at all - with the possible exception of \0
> which just makes things messy for unix) the values that appear in
> hostnames (nor the set that a DHCP server can deliver, for that matter).
> Scripts (or other applications) that break when the hostname is unusual
> ought to be fixed, not pandered to.

Someone needs to tell ISC then - BIND has been, by default, rejecting
names with _ in them for years.

Brett Lymn
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."

Home | Main Index | Thread Index | Old Index