Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod!mips!sgi!vjs@rhyolite.wpd.sgi.com
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: PTR records of gateways on the Internet
Message-ID: <81175@sgi.sgi.com>
Date: 15 Jan 91 03:22:41 GMT
References: <1991Jan13.054040.21009@riacs.edu>
Sender: guest@sgi.sgi.com
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 43

In article <1991Jan13.054040.21009@riacs.edu>, medin@nsipo.arc.nasa.gov (Milo S. Medin) writes:
>
> We turned this bug in to Sun, and posted it on comp.bugs.4bsd. Many sites use
> this since they consider security marginally important. If you don't, that's
> fine, and more power to you, but don't berate the efforts of a vendor who is
> concerned with improving the state of security. If you don't like it,
> then rebuild the resolver library from BSD source (available from a
> number of places), and install a new shared library....
> As for using it in only things that require .rhosts type of files, well, I'm
> sure you'd be rather annoyed when someone breaks into your machine from the
> Internet and spoofs the PTR information so that when you try and contact
> the system admin. of the host that connected to you, you get nowhere. Ah, but
> then you don't care about security! I'm sorry I forgot... If the info is
> wrong, it shouldn't be shoved into utmp. ....

This is a reasonable response at a large end-user site connected to the
Internet and with a healthy concern for security. However, if the extra
check is made in the few places that change /etc/*tmp based on
gethostbyaddr(), such as rlogind and ftpd, then only the "right"
information will be shoved into utmp.

For one vendor, my employer, changing gethostbyaddr() to always do the
check and choke on glitches is a bad idea. Making the reverse lookup in
one place would break too many things to justify saving the time required
to make and maintain the same check in about 5 places. It's reasonable to
expect large Internet sites like NASA Ames to get their DNS databases
right. It would be silly to expect, not to mention require, as much on
smaller nets not connected to anything.

There is also a better way to implement the check. Let
"safe_gethostbyaddr()" return either the obvious struct hostent or a
synthetic one with a "hostname" that is the ASCII string in the familiar
dotted notation, representing the target IP address. If you do this, you
need not care if the other end of the circuit has their DNS together or is
an evil spoofer. Innocents will find that traceroute and even rlogin work,
while malefactors will be disappointed.

Vernon Schryver, Silicon Graphics, vjs@sgi.com
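The fallback scheme described in the post above, sketched as an added example that is not part of the original article or of any vendor's resolver library: a PTR name is accepted only when a forward lookup of that name returns the connecting address, and the dotted-quad string is used otherwise. The function name safe_hostname(), the resolver hooks, and the stub zone data are assumptions made for illustration, and this version writes the name into a caller's buffer instead of returning a struct hostent.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Resolver hooks (hypothetical) so the check runs offline; in production they
 * would wrap gethostbyaddr() and gethostbyname(). */
typedef struct hostent *(*rev_fn)(const struct in_addr *);
typedef struct hostent *(*fwd_fn)(const char *);

/* Put the PTR name in buf only if that name's A records include addr;
 * otherwise put the dotted-quad string there. Returns 1 if verified. */
int safe_hostname(struct in_addr addr, rev_fn rev, fwd_fn fwd, char *buf, size_t len) {
    char name[256];
    struct hostent *hp = rev(&addr);
    if (hp && hp->h_name && strlen(hp->h_name) < sizeof name) {
        strcpy(name, hp->h_name); /* forward lookup may reuse static storage */
        hp = fwd(name);
        if (hp && hp->h_addrtype == AF_INET && hp->h_length == (int)sizeof addr)
            for (char **p = hp->h_addr_list; *p; p++)
                if (memcmp(*p, &addr, sizeof addr) == 0) {
                    snprintf(buf, len, "%s", name);
                    return 1;
                }
    }
    inet_ntop(AF_INET, &addr, buf, len); /* unverified: log the address itself */
    return 0;
}

/* Constructed sample zone: good.example has A 192.0.2.10; both 192.0.2.10
 * and 192.0.2.66 publish PTR good.example (the second one is the spoof). */
struct hostent *stub_rev(const struct in_addr *a) {
    static struct hostent h = { .h_name = "good.example" };
    const char *ip = inet_ntoa(*a);
    return (!strcmp(ip, "192.0.2.10") || !strcmp(ip, "192.0.2.66")) ? &h : NULL;
}
struct hostent *stub_fwd(const char *n) {
    static struct in_addr a; static char *list[2]; static struct hostent h;
    if (strcmp(n, "good.example")) return NULL;
    inet_pton(AF_INET, "192.0.2.10", &a);
    list[0] = (char *)&a; h.h_addr_list = list; h.h_addrtype = AF_INET; h.h_length = sizeof a;
    return &h;
}
const char *check(const char *ip) { /* name a daemon would record for ip */
    static char out[64]; struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1) return NULL;
    safe_hostname(a, stub_rev, stub_fwd, out, sizeof out);
    return out;
}
int main(void) { puts(check("192.0.2.10")); puts(check("192.0.2.66")); return 0; }
```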