From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 12936 invoked by alias); 24 Aug 2012 16:46:49 -0000
Received: (qmail 12905 invoked by uid 22791); 24 Aug 2012 16:46:47 -0000
X-SWARE-Spam-Status: No, hits=-3.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,KHOP_THREADED
X-Spam-Check-By: sourceware.org
Received: from localhost (HELO sourceware.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 24 Aug 2012 16:46:32 +0000
From: "nagle at sitetruth dot com"
To: glibc-bugs@sources.redhat.com
Subject: [Bug network/13935] getaddrinfo NXDOMAIN hijack exploit for hosts with two-component hostnames
Date: Fri, 24 Aug 2012 16:46:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: network
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: nagle at sitetruth dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Post:
List-Help: ,
Sender: glibc-bugs-owner@sourceware.org
X-SW-Source: 2012-08/txt/msg00174.txt.bz2

http://sourceware.org/bugzilla/show_bug.cgi?id=13935

--- Comment #4 from John Nagle 2012-08-24 16:46:14 UTC ---
This bug was filed before the vast expansion of TLDs. There may be new exploits possible once there are hundreds of new TLDs. One implication of all the new TLDs is that single-word domains (especially corporate domains, like WALMART) may have to be resolved on a routine basis. This has been discussed in the browser community, but it has implications here, too.
I'm not sure what to do here, but someone needs to be coming up with a standard solution to this.