|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Hajimu UMEMOTO (ume
mahoroba.org)Date: Sun Jul 22 2001 - 16:09:35 CDT
>>>>> On Sun, 22 Jul 2001 16:38:13 -0400 (EDT)
>>>>> "Richard A. Steenbergen" <rase-gerbil.net> said:
ras> On Mon, 23 Jul 2001, Hajimu UMEMOTO wrote:
> >>>>> On Sat, 21 Jul 2001 23:34:30 +0100
> >>>>> Brian Somers <brianAwfulhak.org> said:
>
> brian> Yes, there is a problem where we've basically trusted a DNS that we
> brian> don't own -- and that is a risk. But I can't see why 9.8.7.6 is
> brian> relevant, *except* that ``w -n'' may be mentioning it.
>
> brian> Am I misinterpreting things or is the real problem that a forward and
> brian> reverse DNS can both conspire against you ? Or is the real problem
> brian> just ``w''s -n flag ?
>
> It is problem of w(1). `w -n' does forward lookup for IPv4 only and
> IPv6 is not supported at all. When available, login(1) writes
> hostname into utmp instead of IP address. If hostname is saved, `w
> -n' queries A RR for the hostname.
> Real problem is that UT_HOSTSIZE is too short to hold IPv6 address.
> Is there any chance to expand UT_HOSTSIZE in time to 5.0-RELEASE. It
> apparently breaks binary compatibility.
ras> This is not the problem here, login is writing the false IP to utmp.
I cannot agree with you here. You did ssh via IPv6. login(1) cannot
write IPv6 address into utmp. In this case, realhostname_sa(3)
returns hostname. The cases that IP address is saved are:
- reverse or forward lookup was failed,
- the result of reverse -> forward lookup doesn't match against
the address, or
- IPv4
Even if IPv6 address is saved, since it is chopped, it will fail to do
reverse lookup.
-- Hajimu UMEMOTOTo Unsubscribe: send mail to majordomo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]