Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

To: debian-devel@lists.debian.org
Subject: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
From: Hamish Moffatt <hamish@debian.org>
Date: Wed, 10 Jan 2001 21:55:29 +1100
Message-id: <[🔎] 20010110215529.D22583@silly.cloud.net.au>
Mail-followup-to: Hamish Moffatt <hamish@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20010109191949.A8866@alcor.net>; from mdz@debian.org on Tue, Jan 09, 2001 at 07:19:53PM -0500
References: <Pine.LNX.4.31.0101081331280.20955-100000@io.88.net> <Pine.LNX.4.31.0101081752230.25739-100000@io.88.net> <20010109110855.A4036@polya> <[🔎] 20010109134141.B44740@aixterm6.urz.uni-heidelberg.de> <[🔎] 20010109092946.J10073@visi.net> <[🔎] 20010110083413.D21279@silly.cloud.net.au> <[🔎] 20010109191949.A8866@alcor.net>

On Tue, Jan 09, 2001 at 07:19:53PM -0500, Matt Zimmerman wrote:
> I assume its purpose is to allow different resolver settings to be used with
> individual programs.  For instance, perhaps one program should use DNS, while
> another NIS, and still another only the local hosts file for name resolution.
> For some programs, setting 'nospoof' will improve security; for others, it will
> just cause some lookups to fail needlessly.

How does resolv.conf let you specify that? According to resolv.conf(5),
resolv.conf is used for DNS only (which is what I always thought).
You could accomplish the above if you could override /etc/nsswitch.conf
though.

There's probably some nasties in this option somewhere.

Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>

Reply to:

Follow-Ups:
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Christoph Baumann <cbauman1@ix.urz.uni-heidelberg.de>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Ben Collins <bcollins@debian.org>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Hamish Moffatt <hamish@debian.org>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Creeping featuritis (was: Re: tar -I incompatibility)
Next by Date: Bug#81769: Does not boot from CD-Rom
Previous by thread: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Next by thread: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Index(es):
- Date
- Thread