Subject: Re: re-reading /etc/resolv.conf on change
To: Manuel Bouyer <email@example.com>
From: mouss <firstname.lastname@example.org>
Date: 01/01/2004 22:07:51
Manuel Bouyer wrote:
> On Thu, Jan 01, 2004 at 02:43:50PM -0500, Greg A. Woods wrote:
>>[ On Thursday, January 1, 2004 at 15:51:08 (+0100), Manuel Bouyer wrote: ]
>>>Subject: Re: re-reading /etc/resolv.conf on change
>>>I though about adding a environement variable for this as well, to allow
>>>a user to use its own resolv.conf (I'd like to be able to have a different
>>>search than the site-wide one). But it may be better to have env variables
>>>to override parts of resolv.conf. This needs more thoughs.
>>All of that sounds just about as dangerous as that stupid HOSTALISES
>>thing that I've ripped out of my own resolver code.
>>If you don't have the rights on some machine to change /etc/resolv.conf
>>then you shouldn't have the right to tell the resolver to use some other
>>configuration, even if it is only rope for your own execution.
> Why ?
I don't see any security issue here. Users can already specify a name
server to nslookup. They can even write their own resolver.