[fbsd] Re: possible patch for implementing split DNS
Jeremie Le Hen
jeremie at le-hen.org
Tue Aug 29 09:01:43 UTC 2006
Hi Simon,
On Tue, Aug 29, 2006 at 10:50:02AM +0200, Simon L. Nielsen wrote:
> On 2006.08.25 15:08:13 -0700, Julian Elischer wrote:
> Since a bunch of people have suggested other solutions I just wanted
> to add me 0.01$CURRENCY, FWIW.
>
> Other than missing update for some manual page (not sure where this
> should go) I don't see a problem adding this patch. "Normal" users
> should be able already get similar functionality already by simply
> preloading a custom patched libc, so I don't see a problem supporting
> this.
I agree with this statement. If users really want to, they can
compile their own libc. However, nectar@ has added the following
comment in nsdispatch.c:
% #if defined(_NSS_DEBUG) && defined(_NSS_SHOOT_FOOT)
% /* NOTE WELL: THIS IS A SECURITY HOLE. This must only be built
% * for debugging purposes and MUST NEVER be used in production.
% */
% path = getenv("NSSWITCH_CONF");
% if (path == NULL)
% #endif
% path = _PATH_NS_CONF;
We should remove this #if clause because of your argument. I'm not sure
it is worth documenting it however.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
More information about the freebsd-net
mailing list