tech-userlevel archive
Re: CVS commit: src/bin/hostname
On Wed, Jul 24, 2013 at 02:50:51PM +0100, Roland C. Dowdeswell wrote:
> [...]
> Their documentation states ``/etc/hostname This file should only
> contain the hostname and not the full FQDN.'' This is counter to
> the guidance that we give our users in the NetBSD Guide and this
> decision on their part very much drives how they decided to implement
> their hostname(1) changes.
>
> The main issue that I see is the use of reverse resolution:
>
> In order to determine a host's ``full FQDN'', Linux's hostname(1)
> will perform a forward and reverse name lookup on the value retrieved
> via gethostname(2). There are numerous issues with this. First,
> name service is insecure. Sure, the user _can_ make the appropriate
> settings in /etc/hosts to ensure that the data is collected locally
> but there is no guarantee that will be the case, and there are no errors
> if that is not the case. In short, in many or even most environments
> hostname -f will provide insecure information.
>
> It is very easy to end up with something like this:
>
> $ ./obj/hostname
> roofdrak.imrryr.org
> $ ./obj/hostname -f
> cpe-1-2-3-4.rr.net
>
> It is not generally a good idea to presume that people will control
> their reverse resolution because it is delegated differently to
> forward resolution. Even at medium to large enterprises, it is
> often the case that those that control the reverse resolution are
> different to those that control the forward for very obvious reasons:
> they are allocated using a different model.

And what will be the return value if your host has multiple IP addresses?
I also think that hostname -f should just be equivalent to hostname,
if we ever want to keep the -f option. This should not rely on the reverse
name of some random IP address which may have nothing to do with what you're
looking for.
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 years of experience will always make the difference
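
The divergence shown in the quoted `hostname` / `hostname -f` output, and the multiple-address case raised in the reply, as an added example that is not code from this thread or from any hostname(1) implementation: a small C audit that compares the gethostname(2) value with every name a forward-then-reverse lookup returns for it. The helper names `same_name` and `count_mismatches` are hypothetical, and a POSIX resolver (`getaddrinfo`/`getnameinfo`) is assumed.

```c
/* Added example; same_name() and count_mismatches() are hypothetical helpers. */
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <unistd.h>

/* DNS names compare case-insensitively; ignore one trailing dot. */
int same_name(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    if (la > 0 && a[la - 1] == '.') la--;
    if (lb > 0 && b[lb - 1] == '.') lb--;
    return la == lb && strncasecmp(a, b, la) == 0;
}

/* Count reverse-lookup answers that disagree with the configured name. */
int count_mismatches(const char *configured, const char *const *ptr, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        bad += !same_name(configured, ptr[i]);
    return bad;
}

int main(void)
{
    char host[1025], rev[1025];
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *res, *ai;
    int bad = 0;
    if (gethostname(host, sizeof host) != 0) { perror("gethostname"); return 2; }
    host[sizeof host - 1] = '\0';   /* gethostname may not NUL-terminate */
    if (getaddrinfo(host, NULL, &hints, &res) != 0) {
        fprintf(stderr, "%s: no forward resolution\n", host);
        return 2;
    }
    /* One PTR query per address: a multi-homed host can yield several names. */
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        const char *name = rev;
        if (getnameinfo(ai->ai_addr, ai->ai_addrlen, rev, sizeof rev,
                        NULL, 0, NI_NAMEREQD) != 0)
            continue;               /* no PTR record for this address */
        bad += count_mismatches(host, &name, 1);
        printf("%s kernel=%s reverse=%s\n", same_name(host, rev) ? "ok" : "MISMATCH", host, rev);
    }
    freeaddrinfo(res);
    return bad ? 1 : 0;
}
```

Exit status 1 means at least one reverse answer disagreed with the kernel hostname, so a resolver-derived name on that host should not be relied on in logs or access decisions.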