Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection

[David Holland <dholland-security%netbsd.org@localhost>]

On Thu, Apr 28, 2011 at 12:03:54PM +0700, Robert Elz wrote:
 >   | Someone needs to tell ISC then - BIND has been, by default, rejecting
 >   | names with _ in them for years.
 > 
 > I know, and they know, and they ignore it...   I used to remove that
 > code from bind, these days I just configure it away.

Years and years ago when Sprint had slashes in the hostnames of a
bunch of their routers, it caused a (minor) stir and they were
compelled to change. But maybe what was prohibited then is no longer
prohibited now; once upon a time domains weren't supposed to begin
with digits, either. www.mmm.com still leads to www.3m.com...

-- 
David A. Holland
dholland%netbsd.org@localhost