This seems bogus to me.
assert(0==getnameinfo((struct sockaddr *)&sa, sizeof sa,
host, sizeof host, NULL, 0, NI_NAMEREQD));
printf("Lookup result: %s\n\n", host);
assert(setenv("REMOTE_HOST",host,1) == 0);
execl("/bin/bash",NULL);
Who does this? Where, in the actual world, is code deployed that does what this
supposed PoC does? Isn't it just a rigged demo?
Vixie
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity._______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
