This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: getaddrinfo with PF_UNSPEC and /etc/hosts


On Thu, Nov 22, 2001 at 08:12:48PM -0800, Ulrich Drepper wrote:
> This is a hack and nothing justifies adding this.  Especially since
> this has nothing to do with security (or lack of).

Which is why I said it was a hack, a workaround. It does have to do with
security. If you try to connect to "www.sun.com", and the DNS for a
domain in your search is hacked, they can redirect you to an IPv6
address. This is irregardless of your actual DNS server getting hacked,
and irregardless of sun.com's domain name. The plausability of this
problem only increases as IPv6 becomes more common.



Ben

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/                   Ben Collins    --    Debian GNU/Linux                  \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]