~/.hosts patch

Simon L. Nielsen simon at FreeBSD.org
Wed Jun 21 08:55:30 UTC 2006 

On 2006.06.21 08:31:36 +0200, Harti Brandt wrote:
> On Wed, 21 Jun 2006, Xin LI wrote:
> 
> XL>?? 2006-06-21???? 01:54 -0400??Mike Jakubik??????
> XL>> [snip]
> XL>> > It's useful for cases where you want to add shortcuts to hosts as a user
> XL>> > or do interesting ssh port forwarding tricks in some weird cases where
> XL>> > you must connect to localhost:port as remotehost:port due to
> XL>> > client/server protocol bugs.
> XL>> >
> XL>> > This patch appears to only support ~/.hosts for non-suid binaries which
> XL>> > is the only real security issue.  Any admin relying on host to IP
> XL>> > mapping for security for ordinary users is an idiot so that case isn't
> XL>> > worth worrying about.  Doing this as a separate nss module probably
> XL>> > makes sense, but I personally like the feature.
> XL>>
> XL>> Of course relying on /etc/hosts entries for security alone is indeed not 
> XL>> a good idea, however an Admin may choose to resolve and therefore route 
> XL>> specified hostnames via /etc/hosts. The user should not be able to 
> XL>> overwrite these, if this behavior is true, then it seems like a 
> XL>> reasonable change to me, otherwise it not only seems to be a security 
> XL>> problem, but also a breach of POLA.
> XL>
> XL>I think this would be better implemented with a nss module so that the
> XL>administrator can choose whether to utilize the feature.
> XL>
> XL>BTW. I do not see much problem if the feature is not enabled for setuid
> XL>binaries because if the user already knows some secret (run under his or
> XL>her own credential), nor can the user trick others to utilize the
> XL>~/.hosts if the program is a setuid binary.  What's your concern about
> XL>the "security problem", or could you please point how can we
> XL>successfully exploit the ~/.hosts to get privilege escalation and/or
> XL>information disclosure or something else, which could not happen without
> XL>~/.hosts?
> 
> Wouldn't this enable the same kind of phishing attacks there are under 
> windows? As far as I remember there are attacks where the hosts file 
> (don't remember how its called under windows) is rewriten by a virus/java 
> script/whatever to contain a different IP address for a given hostname? 
> Suppose someone fakes the website of www.foobank.com, then manages to 
> insert www.foobank.com with the wrong IP address into ~/.hosts?

If an attacker is able to write a ~/.hosts you have already lost and I
really doubt being able to override hosts lookup would make any
difference security wise.

Instead of writing a ~/.hosts file, the attacker could just start a
keylogger on the system either directly by some remote code execution,
or by installing the keylogger somewhere and get it to start on boot,
X login etc. by appending to some startup file.

I really don't see how this would make any real difference security
wise.

-- 
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20060621/7374a36e/attachment.pgp

More information about the freebsd-current mailing list