On Tuesday, 19 de April de 2011 16:50:37 Lennart Poettering wrote: > The SetHostname() call on the dbus interface actually refuses hostnames > with chars outside of 0-9a-zA-Z, "." and "-". We also refuse hostnames with > a length > HOST_NAME_MAX. And the empty string is handled especially, i.e. > as "reset" to the static hostname. > > People can still set a hostname like "....----...." of course, and we'd > accept that. It's kinda broken if you do of course, but I see no > vulnerability arising from that.
I suggest you apply the STD 3 rules for hostnames. To put it simply, hostnames are dot-separated labels that are each: - between 1 and 64 characters - contains letters A-Z a-z, digits 0-9 and the hyphen (dash) - does not start or end in a dash That would mean ... is not a valid hostname, nor -.-. In time: you may want to declare that the international hostnames that hostnamed deals with are ACE encoded as per RFC 3490. That means if my machine's hostname is: thiago.josé.macieira.example.org hostnamed should be given and will return instead: thiago.xn--jos-dma.macieira.example.org -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Senior Product Manager - Nokia, Qt Development Frameworks PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ xdg mailing list xdg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xdg