[systemd-devel] [SECURITY] systemd: nss_myhostname last in /etc/nsswitch.conf may cause problems
Lennart Poettering
lennart at poettering.net
Mon Aug 11 03:35:58 PDT 2014
On Fri, 08.08.14 12:07, Mateusz Jończyk (mat.jonczyk at o2.pl) wrote:
Heya,
> Hello,
> The man page for nss-myhostname:
> http://www.freedesktop.org/software/systemd/man/nss-myhostname.html
> suggests that myhostname should be used as a last entry in
> /etc/nsswitch.conf:
> "It is recommended to put myhostname last in the nsswitch.conf line to
> make sure that this mapping is only used as fallback, and any DNS or
> /etc/hosts based mapping takes precedence."
>
> This may be risky because an attacker that knows the system hostname and
> can control DNS query results (by MITM attacks, i.e. after breaking into
> a home gateway) is able to redirect requests to the local host to a
> machine of his control.
>
> For example if I opened "http://mateusz-ubuntu:631" in a web browser,
> and logged in there, an attacker could gain access to my CUPS user password.
>
> On the other hand, an attacker that is able to listen to DNS queries can
> get knowledge of the local hostname (because it usually does not contain
> any dots) and that way identify a person behind a particular IP address
> (and/or gain some knowledge of his software / hardware - for example my
> hostname is mateusz-ubuntu).
Hostnames are not trustable. They never have been, and even in a world
with DNSSEC there's only trust for fqdns, and not even for
privately defined names.
Applications should not assume that host names were generally
trustable. They simply aren't, and it's not nss-myhostname's job to add
some trustability where there previously wasn't any.
Hostnames are primarily useful for addressing resources in the network,
and that's what they should be used for.
Applications that want to make sure they connect to the local host
should reference it only via any of the local IP addresses (for example
127.0.0.1).
Lennart
--
Lennart Poettering, Red Hat
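The advice in the reply above is that software which must reach the local host should address it by a loopback IP literal (127.0.0.1 or ::1) rather than by the machine's hostname, because a hostname goes through NSS and, depending on /etc/nsswitch.conf ordering, through DNS. The following check is an added example written for this page; it is not systemd or nss-myhostname code and the URL list is constructed. It parses URLs meant for local services (the CUPS example in the thread is `http://<hostname>:631`) and reports those that depend on name resolution, which is where the spoofing concern in the original mail applies.

```python
"""Audit URLs intended for local services: flag any that name the local
host by hostname instead of a loopback IP literal.

Constructed example for this thread, not code from systemd.
"""
import ipaddress
from urllib.parse import urlsplit


def host_is_loopback_literal(host):
    """Return True only if *host* is an IP literal inside the loopback range.

    A hostname (including 'localhost') returns False: its meaning is decided
    by the resolver configuration, not by the application.
    """
    if not host:
        return False
    # urlsplit().hostname strips IPv6 brackets already; handle a raw
    # bracketed string too so the function also works on bare host values.
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not a canonical IP literal. Treat shorthand such as "127.1" or
        # octal forms as non-literals as well: reject rather than guess.
        return False
    # 127.0.0.0/8 for IPv4, ::1 for IPv6.
    return addr.is_loopback


def local_url_is_pinned(url):
    """True if the URL reaches the local host without consulting NSS/DNS."""
    return host_is_loopback_literal(urlsplit(url).hostname)


def find_name_based_local_urls(urls):
    """Return the subset of *urls* that rely on hostname resolution.

    Intended for configuration that is supposed to talk to local daemons:
    anything returned here should be rewritten to a loopback literal.
    """
    return [u for u in urls if not local_url_is_pinned(u)]


# Constructed sample: a mix of pinned and hostname-based local-service URLs.
SAMPLE_LOCAL_URLS = [
    "http://127.0.0.1:631/",          # CUPS by IPv4 loopback literal
    "http://[::1]:631/",              # CUPS by IPv6 loopback literal
    "http://mateusz-ubuntu:631/",     # hostname from the thread: resolver decides
    "http://localhost:631/",          # also a name, also resolver-dependent
    "http://192.168.1.10:631/",       # a LAN address, not the local host
]

if __name__ == "__main__":
    for url in find_name_based_local_urls(SAMPLE_LOCAL_URLS):
        print("not pinned to loopback:", url)
```

Running the block lists the three URLs that are not pinned to a loopback literal. The IPv6 bracket handling matters in practice because `http://[::1]:631/` is the only valid way to write an IPv6 literal in a URL, and a check that forgot to strip the brackets would wrongly flag it.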