Re: 2.0.4 partially fixes "hosts" problem.

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.0.4 partially fixes "hosts" problem.

From:	Martin A. Brooks
Subject:	Re: 2.0.4 partially fixes "hosts" problem.
Date:	Mon, 02 Sep 2002 15:58:57 +0100

At 16:40 02/09/2002 +0200, you wrote:

This is a a problem in your DNS?? If you don't want this check, then
you should specificy SkipVerify. But reverse lookup *ought to be possible*,
or am I misunderstanding your point?

I think you miss the point. I add the hosts entry on the /client/side. The server is ignoring the fact that that IP actually resolves tosomething else and blindly trusts client that the FQDN for the client isfoobar.lon4.fastsearch.net

At some point the during the conversation the client is saying "I think I'mcalled foobar.lon4.fastsearch.net" and the server believes this.

On 2.0.3 this can be considered to be a DoS attack, as it actuallycoredumps cfservd.


Mart.

[Prev in Thread]

Current Thread

[Next in Thread]

2.0.4 partially fixes "hosts" problem., Martin A. Brooks, 2002/09/02
- Re: 2.0.4 partially fixes "hosts" problem., Mark . Burgess, 2002/09/02
  - Re: 2.0.4 partially fixes "hosts" problem., Martin A. Brooks <=
- Re: 2.0.4 partially fixes "hosts" problem., Martin A. Brooks, 2002/09/02

Prev by Date: Re: 2.0.4 partially fixes "hosts" problem.
Next by Date: problem with edifiles not done at the right time
Previous by thread: Re: 2.0.4 partially fixes "hosts" problem.
Next by thread: Re: 2.0.4 partially fixes "hosts" problem.
Index(es):
- Date
- Thread