tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD Security Advisory 2011-005: ISC dhclient hostname field shell metacharacter injection

    Date:        Thu, 28 Apr 2011 06:47:32 +0000
    From:        David Holland <>
    Message-ID:  <>

  | Years and years ago when Sprint had slashes in the hostnames of a
  | bunch of their routers, it caused a (minor) stir and they were
  | compelled to change.

A lot of people have incorrect ideas, and there are all kinds of other
considerations than the DNS rules for what a name should be.

  | But maybe what was prohibited then is no longer
  | prohibited now; once upon a time domains weren't supposed to begin
  | with digits, either. still leads to

No, domain names never had that restriction either, or rather, the
DNS didn't (I have no idea what rules the .com registry imposed - that
is, the NIC at the time, that's a different issue).

The original hostname rules were like that however, letter, followed by
letters digits and hyphens, that's pretty much the minimalist set that
you can expect will work everywhere, and so can be a good choice as a
guide for naming - but it isn't a rule.

But the DNS has never had any restrictions on what names can appear,
it has been like that since day 1.   It does have some suggestions for
what names might make sense to use, and cause less problems in case
you need to use the name with other protocols, but those are, and always
were, no more than suggestions.


ps: the DNS even permits . to be a character in a domain name, that is
quite distinct from the . that separates the labels that make up the
name, but good luck on getting almost any software to handle that one

Home | Main Index | Thread Index | Old Index