* A patch for libresolv
From: H.J. Lu @ 1999-10-05 18:27 UTC
To: GNU C Library
Hi,
There are many options in libresolv. However, there is no code to
set them. Here is a patch to handle options for libresolv.
--
H.J. Lu (hjl@gnu.org)
--
Tue Oct 5 18:23:01 1999 H.J. Lu <hjl@gnu.org>
* resolv/res_init.c (o_mnemonic): New.
(res_setoptions): Use it.
Index: resolv/res_init.c
===================================================================
RCS file: /work/cvs/gnu/glibc-2.1/resolv/res_init.c,v
retrieving revision 1.1.1.9
diff -u -p -r1.1.1.9 res_init.c
--- resolv/res_init.c 1999/05/05 01:35:31 1.1.1.9
+++ resolv/res_init.c 1999/10/06 01:21:05
@@ -111,6 +111,7 @@ static int netinfo_res_init __P((int *ha
#endif
static void res_setoptions __P((char *, char *)) internal_function;
+static u_long o_mnemonic __P((const char * mnemonic)) internal_function;
#ifdef RESOLVSORT
static const char sort_mask[] = "/&";
@@ -427,12 +428,66 @@ res_init()
return (0);
}
+/*
+ * Return an option from a mnemonic.
+ */
+static u_long
+internal_function
+o_mnemonic (mnemonic)
+ const char * mnemonic;
+{
+ if (strncasecmp (mnemonic, "init", sizeof ("init") - 1) == 0)
+ return RES_INIT;
+ else if (strncasecmp (mnemonic, "debug",
+ sizeof ("debug") - 1) == 0)
+ return RES_DEBUG;
+ else if (strncasecmp (mnemonic, "aaonly",
+ sizeof ("aaonly") - 1) == 0)
+ return RES_AAONLY;
+ else if (strncasecmp (mnemonic, "usevc",
+ sizeof ("usevc") - 1) == 0)
+ return RES_USEVC;
+ else if (strncasecmp (mnemonic, "primry",
+ sizeof ("primry") - 1) == 0)
+ return RES_PRIMARY;
+ else if (strncasecmp (mnemonic, "igntc",
+ sizeof ("igntc") - 1) == 0)
+ return RES_IGNTC;
+ else if (strncasecmp (mnemonic, "recurs",
+ sizeof ("recurs") - 1) == 0)
+ return RES_RECURSE;
+ else if (strncasecmp (mnemonic, "defnam",
+ sizeof ("defnam") - 1) == 0)
+ return RES_DEFNAMES;
+ else if (strncasecmp (mnemonic, "styopn",
+ sizeof ("styopn") - 1) == 0)
+ return RES_STAYOPEN;
+ else if (strncasecmp (mnemonic, "dnsrch",
+ sizeof ("dnsrch") - 1) == 0)
+ return RES_DNSRCH;
+ else if (strncasecmp (mnemonic, "insecure1",
+ sizeof ("insecure1") - 1) == 0)
+ return RES_INSECURE1;
+ else if (strncasecmp (mnemonic, "insecure2",
+ sizeof ("insecure2") - 1) == 0)
+ return RES_INSECURE2;
+ else if (strncasecmp (mnemonic, "noaliases",
+ sizeof ("noaliases") - 1) == 0)
+ return RES_NOALIASES;
+ else if (strncasecmp (mnemonic, "inet6",
+ sizeof ("inet6") - 1) == 0)
+ return RES_USE_INET6;
+ else
+ return ~0;
+}
+
static void
internal_function
res_setoptions(options, source)
char *options, *source;
{
char *cp = options;
+ u_long option;
int i;
#ifdef DEBUG
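Review bot: every strncasecmp call in o_mnemonic compares only the first sizeof("...") - 1 bytes and never looks at the character that follows, so a token that merely begins with a mnemonic is accepted: "initfoo" returns RES_INIT and "insecure1x" returns RES_INSECURE1. Check that the match ends at the end of the token (NUL or whitespace) before returning the flag. Matching is also case-insensitive here, while the inet6 test this function replaces used strncmp; if that change is intended, say so. The function comment should state that ~0 means "no match", and the abbreviated mnemonics (primry, defnam, styopn) need to be documented somewhere a user will find them.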
@@ -464,8 +519,8 @@ res_setoptions(options, source)
}
printf(";;\tdebug\n");
#endif
- } else if (!strncmp(cp, "inet6", sizeof("inet6") - 1)) {
- _res.options |= RES_USE_INET6;
+ } else if ((option = o_mnemonic (cp)) != ~0) {
+ _res.options |= option;
} else {
/* XXX - print a warning here? */
}
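Review bot: the new branch in res_setoptions ORs whatever o_mnemonic returns into _res.options without looking at where the option string came from, so RES_INIT, RES_IGNTC, RES_INSECURE1 and RES_INSECURE2 become settable by every caller of this function with the same trust. If any of these should be honoured from only one source, filter before `_res.options |= option;`. The test `!= ~0` compares a u_long against an int and works only through the implicit conversion; write ~0UL in both the return and the comparison. The context lines show an earlier branch that already prints ";;\tdebug", so the "debug" entry in o_mnemonic looks unreachable from this call site. Unknown tokens still fall through to the silent else, as its XXX comment notes.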
* Re: A patch for libresolv
From: Ulrich Drepper @ 1999-10-11 14:47 UTC
To: H.J. Lu; +Cc: GNU C Library
hjl@valinux.com (H.J. Lu) writes:
> There are many options in libresolv. However, there is no code to
> set them. Here is a patch to handle options for libresolv.
Where is the existing practice for this? We cannot simply invent this
because at least I don't understand the code completely.
Just a brief look already showed a problem. The RES_IGNTC flag is
used in the bind 8 code internally (res_sendsigned.c). It is
obviously not meant to be set by the user. Probably this is correct
for the rest as well.
I'll compare the res_init code in glibc and in bind 8 and make
whatever changes this suggests. But simply extending the option
format is not correct.
--
---------------. drepper at gnu.org ,-. 1325 Chesapeake Terrace
Ulrich Drepper \ ,-------------------' \ Sunnyvale, CA 94089 USA
Cygnus Solutions `--' drepper at cygnus.com `------------------------
* Re: A patch for libresolv
From: H.J. Lu @ 1999-10-11 15:00 UTC
To: drepper; +Cc: GNU C Library
>
> hjl@valinux.com (H.J. Lu) writes:
>
> > There are many options in libresolv. However, there is no code to
> > set them. Here is a patch to handle options for libresolv.
>
> Where is the existing practice for this? We cannot simply invent this
> because at least I don't understand the code completely.
>
> Just a brief look already showed a problem. The RES_IGNTC flag is
> used in the bind 8 code internally (res_sendsigned.c). It is
Then take it out from my patch.
> obviously not meant to be set by the user. Probably this is correct
> for the rest as well.
>
> I'll compare the res_init code in glibc and in bind 8 and make
> whatever changes this suggests. But simply extending the option
> format is not correct.
>
There are many RES_XXXXX macros but they are not settable by users.
I have a need to set RES_INSECURE1/RES_INSECURE2. I don't want to
recompile glibc to do it.
--
H.J. Lu (hjl@gnu.org)
* Re: A patch for libresolv
From: Ulrich Drepper @ 1999-10-11 15:07 UTC
To: H.J. Lu; +Cc: GNU C Library
hjl@valinux.com (H.J. Lu) writes:
> Then take it out from my patch.
So I go through your patch and correct the problems? There is
something wrong with this...
> There are many RES_XXXXX macros but they are not settable by users.
> I have a need to set RES_INSECURE1/RES_INSECURE2. I don't want to
> recompile glibc to do it.
Identify exactly which flags you need and I will try to find out how
they are supposed to be used.
--
---------------. drepper at gnu.org ,-. 1325 Chesapeake Terrace
Ulrich Drepper \ ,-------------------' \ Sunnyvale, CA 94089 USA
Cygnus Solutions `--' drepper at cygnus.com `------------------------
* Re: A patch for libresolv
From: H.J. Lu @ 1999-10-11 15:11 UTC
To: drepper; +Cc: GNU C Library
>
> > There are many RES_XXXXX macros but they are not settable by users.
> > I have a need to set RES_INSECURE1/RES_INSECURE2. I don't want to
> > recompile glibc to do it.
>
> Identify exactly which flags you need and I will try to find out how
> they are supposed to be used.
>
I need to be able to set RES_INSECURE1/RES_INSECURE2 in
/etc/resolv.conf and via an environment variable.
Thanks.
--
H.J. Lu (hjl@gnu.org)
* Re: A patch for libresolv
From: Geoff Keating @ 1999-10-11 17:20 UTC
To: hjl; +Cc: drepper, libc-hacker
> Date: Mon, 11 Oct 1999 15:11:15 -0700 (PDT)
> Cc: libc-hacker@sourceware.cygnus.com (GNU C Library)
> From: hjl@valinux.com (H.J. Lu)
> I need to be able to set RES_INSECURE1/RES_INSECURE2 in
> /etc/resolv.conf and via an environment variable.
You've considered the security issues involved in this, and you're
sure it's OK to put it in everyone's glibc?
--
Geoffrey Keating <geoffk@cygnus.com>
* Re: A patch for libresolv
From: H.J. Lu @ 1999-10-11 17:26 UTC
To: Geoff Keating; +Cc: GNU C Library
>
> > Date: Mon, 11 Oct 1999 15:11:15 -0700 (PDT)
> > Cc: libc-hacker@sourceware.cygnus.com (GNU C Library)
> > From: hjl@valinux.com (H.J. Lu)
>
> > I need to be able to set RES_INSECURE1/RES_INSECURE2 in
> > /etc/resolv.conf and via an environment variable.
>
> You've considered the security issues involved in this, and you're
> sure it's OK to put it in everyone's glibc?
>
They are off by default. You have to turn them on by hand in
/etc/resolv.conf or via an environment variable. There are a few
sites on the Internet which require them. I'd like to be able
to do
# RES_OPTS=insecure2 foobar
What is the problem with that? Are you suggesting we should check
# rm -rf /dev
now?
--
H.J. Lu (hjl@gnu.org)
* Re: A patch for libresolv
From: Geoff Keating @ 1999-10-11 17:37 UTC
To: hjl; +Cc: libc-hacker
> Date: Mon, 11 Oct 1999 17:26:42 -0700 (PDT)
> Cc: libc-hacker@sourceware.cygnus.com (GNU C Library)
> From: hjl@valinux.com (H.J. Lu)
> They are off by default. You have to turn them on by hand in
> /etc/resolv.conf or via an environment variable. There are a few
> sites on the Internet which require them. I'd like to be able
> to do
>
> # RES_OPTS=insecure2 foobar
>
> What is the problem with that? Are you suggesting we should check
>
> # rm -rf /dev
>
> now?
So your proposed patch checks for getuid() == 0?
--
Geoffrey Keating <geoffk@cygnus.com>
* Re: A patch for libresolv
From: H.J. Lu @ 1999-10-11 17:56 UTC
To: Geoff Keating; +Cc: GNU C Library
>
> > Date: Mon, 11 Oct 1999 17:26:42 -0700 (PDT)
> > Cc: libc-hacker@sourceware.cygnus.com (GNU C Library)
> > From: hjl@valinux.com (H.J. Lu)
>
> > They are off by default. You have to turn them on by hand in
> > /etc/resolv.conf or via an environment variable. There are a few
> > sites on the Internet which require them. I'd like to be able
> > to do
> >
> > # RES_OPTS=insecure2 foobar
> >
> > What is the problem with that? Are you suggesting we should check
> >
> > # rm -rf /dev
> >
> > now?
>
> So your proposed patch checks for getuid() == 0?
>
RES_OPTIONS is called with __secure_getenv so that it is not a problem.
However, all those options, including RES_IGNTC, are set/cleared in
dig/host/nslookup in bind 8. Right now my patch will only affect root
if those options are turned on in /etc/resolv.conf. If anyone can
change /etc/resolv.conf on your machine, my patch is the last thing
you want to worry about.
--
H.J. Lu (hjl@gnu.org)
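
Added example, not part of the thread and not glibc code: a C option parser that addresses the two concerns discussed above, matching mnemonics as whole tokens and restricting which flags an environment variable may set. The `ex_`/`EX_` names, the flag values and the file-only policy for the insecure flags are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Flag values constructed for this example; the real ones are in <resolv.h>. */
#define EX_DEBUG     0x0002UL
#define EX_INSECURE1 0x0400UL
#define EX_INSECURE2 0x0800UL
#define EX_INET6     0x2000UL

/* Hypothetical: where the option string came from. */
enum ex_source { EX_SRC_FILE, EX_SRC_ENV };

static const struct { const char *name; unsigned long flag; int file_only; } ex_opts[] = {
    { "debug",     EX_DEBUG,     0 },
    { "inet6",     EX_INET6,     0 },
    { "insecure1", EX_INSECURE1, 1 },  /* assumed policy: config file only */
    { "insecure2", EX_INSECURE2, 1 },
};

/* Parse a space/tab separated option list. Returns the accepted flags;
   *rejected counts tokens that were unknown or not allowed from src. */
unsigned long ex_parse_options(const char *s, enum ex_source src, int *rejected)
{
    unsigned long flags = 0;
    *rejected = 0;
    while (*s) {
        s += strspn(s, " \t");           /* skip separators */
        size_t len = strcspn(s, " \t");  /* length of this token */
        if (len == 0)
            break;
        int ok = 0;
        for (size_t i = 0; i < sizeof ex_opts / sizeof ex_opts[0]; i++) {
            /* Whole-token match: equal length and equal bytes,
               so "inet6x" does not match "inet6". */
            if (strlen(ex_opts[i].name) == len
                && strncmp(s, ex_opts[i].name, len) == 0) {
                if (!(ex_opts[i].file_only && src == EX_SRC_ENV)) {
                    flags |= ex_opts[i].flag;
                    ok = 1;
                }
                break;
            }
        }
        if (!ok)
            ++*rejected;                 /* caller can log or warn */
        s += len;
    }
    return flags;
}
```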