Subject: Re: localhost security hole
To: Robert Elz <kre@munnari.OZ.AU>
From: David Laight <david@l8s.co.uk>
List: tech-security
Date: 06/28/2003 16:02:53

> That's because they use getaddrinfo() (or gethostbyname()).   And they do
> exhibit the problem if your nsswitch.conf is sane (does DNS lookups only,
> or at least, DNS lookups before using /etc/hosts or other methods).
> Preferring /etc/hosts is just a recipe for disaster in general.

Erm why?

In my experience it is the other way around.
Also you need to put entries into /etc/hosts for any system you
NFS mount from during the boot process.
Then you can boot systems when the name server is down.

(Or if you have nasty non-hierarchic NFS mounts that make it almost
impossible to bring all the systems up in a sane order after a
power outage.)

	David

-- 
David Laight: david@l8s.co.uk
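
A check for the point in the message above about /etc/hosts entries for NFS servers needed at boot, added here as an example and not part of the original post. The function name `nfs_hosts_missing` is hypothetical, and it assumes an fstab in the usual "spec mountpoint type options" layout with NFS specs written as `server:/path`.

```shell
#!/bin/sh
# List NFS servers named in an fstab that have no entry in a hosts file,
# i.e. mounts that would need a working name server at boot.
# Usage: nfs_hosts_missing FSTAB HOSTS   (prints one missing server per line)
nfs_hosts_missing() {
    awk -v hosts="$2" '
        BEGIN {
            # Load every canonical name and alias from the hosts file.
            while ((getline line < hosts) > 0) {
                sub(/#.*/, "", line)            # drop comments
                n = split(line, f)              # f[1] is the address
                for (i = 2; i <= n; i++) known[tolower(f[i])] = 1
            }
            close(hosts)
        }
        { sub(/#.*/, "") }                      # drop fstab comments
        NF >= 3 && $3 ~ /^nfs/ {
            if ($1 ~ /^\[/) next                # bracketed IPv6 literal
            n = index($1, ":")
            if (n < 2) next                     # not a server:/path spec
            srv = tolower(substr($1, 1, n - 1))
            # Numeric IPv4 addresses need no lookup at all.
            if (srv ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (!(srv in known) && !(srv in seen)) {
                seen[srv] = 1
                print srv
            }
        }
    ' "$1"
}

# Run against real files when two paths are given, for example:
#   sh nfs_hosts_check.sh /etc/fstab /etc/hosts
if [ "$#" -eq 2 ]; then
    nfs_hosts_missing "$1" "$2"
fi
```

An empty result means every NFS server in the fstab can be resolved from the hosts file alone, provided the lookup order consults that file.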