tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection

On Thu, Apr 28, 2011 at 12:03:54PM +0700, Robert Elz wrote:
 >   | Someone needs to tell ISC then - BIND has been, by default, rejecting
 >   | names with _ in them for years.
 > I know, and they know, and they ignore it...   I used to remove that
 > code from bind, these days I just configure it away.

Years and years ago when Sprint had slashes in the hostnames of a
bunch of their routers, it caused a (minor) stir and they were
compelled to change. But maybe what was prohibited then is no longer
prohibited now; once upon a time domains weren't supposed to begin
with digits, either. still leads to

David A. Holland

Home | Main Index | Thread Index | Old Index