* P. Vixie: > On October 18, 2014 4:06:07 PM EDT, Florian Weimer <f...@deneb.enyo.de> wrote: > >>Red Hat Enterprise Linux does not have this vector. It uses the >>regular glibc resolver, which is based on the old BIND stub resolver, >>and this code has both escaping from wire format to the textual >>representation (which destroys the magic pattern) and the res_hnok >>check (which rejects shell meta-characters). > > Wow. That code has been hugely unpopular but it turns out there may > have been a pont to it other than protecting sendmail qf files back > in 1995. Thanks for sharing. > > What about getnameinfo and getaddrinfo?
nss_dns has the behavior I described above. If you use other NSS modules for host name resolution, you may get different behavior. (I'm not even sure if reverse lookups through LDAP even work, I have never seen such a thing.) _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
