mzkqt at 0pointer.de
Tue Apr 19 11:17:40 PDT 2011
On Tue, 19.04.11 12:44, Thiago Macieira (thiago at kde.org) wrote:
> On Tuesday, 19 de April de 2011 16:50:37 Lennart Poettering wrote:
> > The SetHostname() call on the dbus interface actually refuses hostnames
> > with chars outside of 0-9a-zA-Z, "." and "-". We also refuse hostnames with
> > a length > HOST_NAME_MAX. And the empty string is handled especially, i.e.
> > as "reset" to the static hostname.
> > People can still set a hostname like "....----...." of course, and we'd
> > accept that. It's kinda broken if you do of course, but I see no
> > vulnerability arising from that.
> I suggest you apply the STD 3 rules for hostnames. To put it simply, hostnames
> are dot-separated labels that are each:
You know, the thing is that nothing says that the hostname you set with
sethostname() is actually an internet domain name, i.e. something you can
store in DNS. It better be, but that's not in POSIX, and not
in any other Unix standard either. POSIX is very terse on the syntax of hostnames:
It doesn't say anything about format, charset or anything else. Only
thing it says is the maximum size limit.
> - between 1 and 64 characters
> - contains letters A-Z a-z, digits 0-9 and the hyphen (dash)
> - does not start or end in a dash
> That would mean ... is not a valid hostname, nor -.-.
With these rules "..." would still be a valid hostname.
If it was for me I would mandate that the hostname cannot include ".",
i.e. needs to be a single DNS label. However I know that people disagree
with that, and some folks think DNS FQDN is the way to go, and they have
a bit of a point in that.
In short, I am not sure I want to go into the business of saying what
sethostname() should actually be. So all I'll do is filter out the
really obviously dangerous things: special chars that might be
interpreted by shell, non-7bit stuff and overly long names.
> In time: you may want to declare that the international hostnames that
> hostnamed deals with are ACE encoded as per RFC 3490. That means if my
> machine's hostname is:
> hostnamed should be given and will return instead:
mDNS and DNS differ on this. The former says i18n is done via UTF-8, and
the latter says via that xn-- notation. gethostname() should probably
return something that is useful on mDNS, on DNS-SD, on LDAP and maybe
even for YP/NIS alike. Hence hostnamed is strict here.
I think the "pretty hostname" is the right place to use non-7bit-ASCII
chars, and spaces and things. Having the non-pretty hostnames with
stricter rules is a good thing I believe.
Lennart Poettering - Red Hat, Inc.
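
An added example, not code from this message or from hostnamed: the character and length filter described in the message next to the per-label rules quoted from the earlier reply, to show where the two checks differ on inputs such as "....----....". The function names, the fallback value for HOST_NAME_MAX, and rejecting the empty string and a trailing dot are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#ifndef HOST_NAME_MAX
#define HOST_NAME_MAX 64 /* Linux value, assumed where <limits.h> lacks it */
#endif
#define LABEL_MAX 64 /* figure from the quoted rules; RFC 1035 caps labels at 63 */

/* Character and length filter as described in the message. The empty string
 * ("reset") is assumed to be handled by the caller, so it is rejected here. */
bool filter_ok(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > HOST_NAME_MAX)
        return false;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '.' || c == '-'))
            return false; /* shell metacharacters and non-7-bit bytes land here */
    }
    return true;
}

/* Per-label rules from the quoted reply, applied on top of the filter. */
bool labels_ok(const char *s) {
    if (!filter_ok(s))
        return false;
    for (;;) {
        size_t len = strcspn(s, ".");
        if (len < 1 || len > LABEL_MAX)
            return false; /* empty or oversized label (also a trailing dot) */
        if (s[0] == '-' || s[len - 1] == '-')
            return false; /* label starts or ends with a dash */
        if (s[len] == '\0')
            return true;
        s += len + 1; /* skip the dot, continue with the next label */
    }
}

int main(void) {
    /* Constructed sample inputs; the second and third appear in the thread. */
    const char *t[] = { "web-01.example.org", "....----....", "-.-", "my;host" };
    for (size_t i = 0; i < sizeof t / sizeof *t; i++)
        printf("%-20s filter=%d labels=%d\n", t[i], filter_ok(t[i]), labels_ok(t[i]));
    return 0;
}
```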