On Tue, 19.04.11 10:01, Ludwig Nussel ([email protected]) wrote: > > Lennart Poettering wrote: > > just wanted to mention that systemd git now as a tiny daemon "hostnamed" > > which is started on demand via dbus, and whose purpose is exactly three > > things: provide a PK authenticated way for UI tools to change the > > hostname, for sending out change signals when the hostname changes and > > Shouldn't the kernel itself already emit events if the hostname > changes? So actually all sethostname() calls are detected?
The kernel currently doesn't do notification on hostname changes. But Lucas De Marchi wants to look into that. This would improve things and I definitely will make use of that in hostnamed. However, it doesn't really make hostnamed unnecessary (you still want PK, want the ability to reset the transient hostname, and want the icon name/pretty name). > Also, beware of CVE-2011-0997. The SetHostname() call on the dbus interface actually refuses hostnames with chars outside of 0-9a-zA-Z, "." and "-". We also refuse hostnames with a length > HOST_NAME_MAX. And the empty string is handled especially, i.e. as "reset" to the static hostname. People can still set a hostname like "....----...." of course, and we'd accept that. It's kinda broken if you do of course, but I see no vulnerability arising from that. Lennart -- Lennart Poettering - Red Hat, Inc. _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
