[fbsd] Re: possible patch for implementing split DNS

Julian Elischer julian at elischer.org
Tue Aug 29 19:24:16 UTC 2006


Jeremie Le Hen wrote:

>Hi Simon,
>
>On Tue, Aug 29, 2006 at 10:50:02AM +0200, Simon L. Nielsen wrote:
>  
>
>>On 2006.08.25 15:08:13 -0700, Julian Elischer wrote:
>>Since a bunch of people have suggested other solutions I just wanted
>>to add my 0.01$CURRENCY, FWIW.
>>
>>Other than a missing update for some manual page (not sure where this
>>should go) I don't see a problem adding this patch.  "Normal" users
>>should already be able to get similar functionality by simply
>>preloading a custom patched libc, so I don't see a problem supporting
>>this.
>>    
>>
>
>I agree with this statement.  If users really want to, they can
>compile their own libc.  However, nectar@ has added the following
>comment in nsdispatch.c:
>
>% #if defined(_NSS_DEBUG) && defined(_NSS_SHOOT_FOOT)
>%         /* NOTE WELL:  THIS IS A SECURITY HOLE. This must only be built
>%          * for debugging purposes and MUST NEVER be used in production.
>%          */
>%         path = getenv("NSSWITCH_CONF");
>%         if (path == NULL)
>% #endif  
>%         path = _PATH_NS_CONF;
>
>We should remove this #if clause because of your argument.  I'm not sure
>it is worth documenting it however.
>
>  
>

By testing for SUID and a few other cases this can be made safe.
Notice that my patch would not do anything on suid programs (which you
cannot use LD hacks with, for the same reason).

>Regards,
>  
>
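
The check described in the reply above, sketched as an added example (not code from the patch under discussion or from FreeBSD's nsdispatch.c): the `NSSWITCH_CONF` override is honored only when the process is not set-id. The helper names, and the extra cases of rejecting empty or relative paths, are assumptions for illustration; the post does not list its "other cases".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Same value as _PATH_NS_CONF on FreeBSD. */
#define DEFAULT_NS_CONF "/etc/nsswitch.conf"

/* Nonzero when the process holds privileges its invoker may not have. */
static int process_is_tainted(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    /* Also covers processes that were set-id at exec and changed ids later. */
    return issetugid();
#else
    /* Portable fallback: real and effective ids differ. */
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

/*
 * Pure policy function (hypothetical name) so the decision can be tested
 * without building a setuid binary.
 */
const char *choose_ns_conf(int tainted, const char *env_value)
{
    if (tainted)
        return DEFAULT_NS_CONF;      /* never trust the environment */
    if (env_value == NULL || env_value[0] != '/')
        return DEFAULT_NS_CONF;      /* assumed extra cases: unset, empty, relative */
    return env_value;
}

/* What the lookup in the quoted snippet would call instead of a bare getenv(). */
const char *ns_conf_path(void)
{
    return choose_ns_conf(process_is_tainted(), getenv("NSSWITCH_CONF"));
}

int main(void)
{
    printf("nsswitch configuration: %s\n", ns_conf_path());
    return 0;
}
```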

