On Tuesday, 19 de April de 2011 16:50:37 Lennart Poettering wrote: > The SetHostname() call on the dbus interface actually refuses hostnames > with chars outside of 0-9a-zA-Z, "." and "-". We also refuse hostnames with > a length > HOST_NAME_MAX. And the empty string is handled especially, i.e. > as "reset" to the static hostname. > > People can still set a hostname like "....----...." of course, and we'd > accept that. It's kinda broken if you do of course, but I see no > vulnerability arising from that.
I suggest you apply the STD 3 rules for hostnames. To put it simply, hostnames
are dot-separated labels that are each:
- between 1 and 64 characters
- contains letters A-Z a-z, digits 0-9 and the hyphen (dash)
- does not start or end in a dash
That would mean ... is not a valid hostname, nor -.-.
In time: you may want to declare that the international hostnames that
hostnamed deals with are ACE encoded as per RFC 3490. That means if my
machine's hostname is:
thiago.josé.macieira.example.org
hostnamed should be given and will return instead:
thiago.xn--jos-dma.macieira.example.org
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ xdg mailing list xdg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xdg
