Bug#773443: [PATCH] host.conf.5: keywords and env. var. nospoof, spoofalert, spoof and RESOLV_SPOOF_CHECK were added to glibc 2.0.7 but never implemented

2015-03-10 Thread Michael Kerrisk (man-pages)
On 03/10/2015 12:27 AM, Stéphane Aulery wrote:
 Move descriptions to historical section and reorder it for clarity

Thanks, Stéphane.

Applied. But please make patch titles shorter (72 chars) --move text 
to the body of the commit message as needed.

Thanks,

Michael


 Debian Bug #773443 reported by yg...@ygrex.ru
 
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773443
 Signed-off-by: Stéphane Aulery saul...@free.fr
 ---
  man5/host.conf.5 | 125 
 ---
  1 file changed, 63 insertions(+), 62 deletions(-)
 
 diff --git a/man5/host.conf.5 b/man5/host.conf.5
 index 9ff2ed3..08da435 100644
 --- a/man5/host.conf.5
 +++ b/man5/host.conf.5
 @@ -66,52 +66,6 @@ This is
  by default, as it may cause a substantial performance loss at sites
  with large hosts files.
  .TP
 -.I nospoof
 -Valid values are
 -.IR on  and  off .
 -If set to
 -.IR on ,
 -the resolv+ library will attempt to prevent hostname spoofing to
 -enhance the security of
 -.BR rlogin  and  rsh .
 -It works as follows: after performing a host address lookup, resolv+
 -will perform a hostname lookup for that address.
 -If the two hostnames
 -do not match, the query will fail.
 -The default value is
 -.IR off .
 -.TP
 -.I spoofalert
 -Valid values are
 -.IR on  and  off .
 -If this option is set to
 -.I on
 -and the
 -.I nospoof
 -option is also set, resolv+ will log a warning of the error via the
 -syslog facility.
 -The default value is
 -.IR off .
 -.TP
 -.I spoof
 -Valid values are
 -.IR off ,  nowarn  and  warn .
 -If this option is set to
 -.IR off ,
 -spoofed addresses are permitted and no warnings will be emitted
 -via the syslog facility.
 -If this option is set to
 -.IR warn ,
 -resolv+ will attempt to prevent hostname spoofing to
 -enhance the security and log a warning of the error via the syslog
 -facility.
 -If this option is set to
 -.IR nowarn ,
 -the resolv+ library will attempt to prevent hostname spoofing to
 -enhance the security but not emit warnings via the syslog facility.
 -Setting this option to anything else is equal to setting it to
 -.IR nowarn .
 -.TP
  .I reorder
  Valid values are
  .IR on  and  off .
 @@ -133,15 +87,6 @@ override the behavior which is configured in
  If set, this variable points to a file that should be read instead of
  .IR /etc/host.conf .
  .TP
 -.B RESOLV_SPOOF_CHECK
 -Overrides the
 -.IR nospoof ,  spoofalert  and  spoof
 -commands in the same way as the
 -.I spoof
 -command is parsed.
 -Valid values are
 -.IR off ,  nowarn  and  warn .
 -.TP
  .B RESOLV_MULTI
  Overrides the
  .I multi
 @@ -184,6 +129,10 @@ can take arguments like
  .IR off ,  nowarn  and  warn .
  Line comments can appear anywhere and not only at the beginning of a line.
  .SS Historical
 +The
 +.BR nsswitch.conf (5)
 +file is the modern way of controlling the order of host lookups.
 +.PP
  In glibc 2.4 and earlier, the following keyword is recognized:
  .TP
  .I order
 @@ -191,15 +140,67 @@ This keyword specifies how host lookups are to be 
 performed.
  It should be followed by one or more lookup methods, separated by commas.
  Valid methods are
  .IR bind ,  hosts , and  nis .
 -The
 +.TP
  .B RESOLV_SERV_ORDER
 -environment variable could be used to override the
 -.I order
 -command.
 +Overrides the order command.
  .PP
 -The
 -.BR nsswitch.conf (5)
 -file is the modern way of controlling the order of host lookups.
 +Since glibc 2.0.7, the following keywords and environment variable have
 +been recognized but never implemented:
 +.TP
 +.I nospoof
 +Valid values are
 +.IR on  and  off .
 +If set to
 +.IR on ,
 +the resolv+ library will attempt to prevent hostname spoofing to
 +enhance the security of
 +.BR rlogin  and  rsh .
 +It works as follows: after performing a host address lookup, resolv+
 +will perform a hostname lookup for that address.
 +If the two hostnames
 +do not match, the query will fail.
 +The default value is
 +.IR off .
 +.TP
 +.I spoofalert
 +Valid values are
 +.IR on  and  off .
 +If this option is set to
 +.I on
 +and the
 +.I nospoof
 +option is also set, resolv+ will log a warning of the error via the
 +syslog facility.
 +The default value is
 +.IR off .
 +.TP
 +.I spoof
 +Valid values are
 +.IR off ,  nowarn  and  warn .
 +If this option is set to
 +.IR off ,
 +spoofed addresses are permitted and no warnings will be emitted
 +via the syslog facility.
 +If this option is set to
 +.IR warn ,
 +resolv+ will attempt to prevent hostname spoofing to
 +enhance the security and log a warning of the error via the syslog
 +facility.
 +If this option is set to
 +.IR nowarn ,
 +the resolv+ library will attempt to prevent hostname spoofing to
 +enhance the security but not emit warnings via the syslog facility.
 +Setting this option to anything else is equal to setting it to
 +.IR nowarn .
 +.TP
 +.B RESOLV_SPOOF_CHECK
 +Overrides the
 +.IR nospoof ,  spoofalert  and  spoof
 +commands in the same way as the
 +.I spoof
 +command is parsed.
 +Valid values are
 +.IR 

Bug#773443: [PATCH] host.conf.5: keywords and env. var. nospoof, spoofalert, spoof and RESOLV_SPOOF_CHECK were added to glibc 2.0.7 but never implemented

2015-03-10 Thread Stéphane Aulery
Le mardi 10 mars 2015 à 07:20:51, Michael Kerrisk (man-pages) a écrit :
 On 03/10/2015 12:27 AM, Stéphane Aulery wrote:
  Move descriptions to historical section and reorder it for clarity
 
 Thanks, Stéphane.
 
 Applied. But please make patch titles shorter (72 chars) --move text 
 to the body of the commit message as needed.

Ok, I will.

-- 
Stéphane Aulery


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#773443: [PATCH] host.conf.5: keywords and env. var. nospoof, spoofalert, spoof and RESOLV_SPOOF_CHECK were added to glibc 2.0.7 but never implemented

2015-03-09 Thread Stéphane Aulery
Move descriptions to historical section and reorder it for clarity

Debian Bug #773443 reported by yg...@ygrex.ru

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773443
Signed-off-by: Stéphane Aulery saul...@free.fr
---
 man5/host.conf.5 | 125 ---
 1 file changed, 63 insertions(+), 62 deletions(-)

diff --git a/man5/host.conf.5 b/man5/host.conf.5
index 9ff2ed3..08da435 100644
--- a/man5/host.conf.5
+++ b/man5/host.conf.5
@@ -66,52 +66,6 @@ This is
 by default, as it may cause a substantial performance loss at sites
 with large hosts files.
 .TP
-.I nospoof
-Valid values are
-.IR on  and  off .
-If set to
-.IR on ,
-the resolv+ library will attempt to prevent hostname spoofing to
-enhance the security of
-.BR rlogin  and  rsh .
-It works as follows: after performing a host address lookup, resolv+
-will perform a hostname lookup for that address.
-If the two hostnames
-do not match, the query will fail.
-The default value is
-.IR off .
-.TP
-.I spoofalert
-Valid values are
-.IR on  and  off .
-If this option is set to
-.I on
-and the
-.I nospoof
-option is also set, resolv+ will log a warning of the error via the
-syslog facility.
-The default value is
-.IR off .
-.TP
-.I spoof
-Valid values are
-.IR off ,  nowarn  and  warn .
-If this option is set to
-.IR off ,
-spoofed addresses are permitted and no warnings will be emitted
-via the syslog facility.
-If this option is set to
-.IR warn ,
-resolv+ will attempt to prevent hostname spoofing to
-enhance the security and log a warning of the error via the syslog
-facility.
-If this option is set to
-.IR nowarn ,
-the resolv+ library will attempt to prevent hostname spoofing to
-enhance the security but not emit warnings via the syslog facility.
-Setting this option to anything else is equal to setting it to
-.IR nowarn .
-.TP
 .I reorder
 Valid values are
 .IR on  and  off .
@@ -133,15 +87,6 @@ override the behavior which is configured in
 If set, this variable points to a file that should be read instead of
 .IR /etc/host.conf .
 .TP
-.B RESOLV_SPOOF_CHECK
-Overrides the
-.IR nospoof ,  spoofalert  and  spoof
-commands in the same way as the
-.I spoof
-command is parsed.
-Valid values are
-.IR off ,  nowarn  and  warn .
-.TP
 .B RESOLV_MULTI
 Overrides the
 .I multi
@@ -184,6 +129,10 @@ can take arguments like
 .IR off ,  nowarn  and  warn .
 Line comments can appear anywhere and not only at the beginning of a line.
 .SS Historical
+The
+.BR nsswitch.conf (5)
+file is the modern way of controlling the order of host lookups.
+.PP
 In glibc 2.4 and earlier, the following keyword is recognized:
 .TP
 .I order
@@ -191,15 +140,67 @@ This keyword specifies how host lookups are to be 
performed.
 It should be followed by one or more lookup methods, separated by commas.
 Valid methods are
 .IR bind ,  hosts , and  nis .
-The
+.TP
 .B RESOLV_SERV_ORDER
-environment variable could be used to override the
-.I order
-command.
+Overrides the order command.
 .PP
-The
-.BR nsswitch.conf (5)
-file is the modern way of controlling the order of host lookups.
+Since glibc 2.0.7, the following keywords and environment variable have
+been recognized but never implemented:
+.TP
+.I nospoof
+Valid values are
+.IR on  and  off .
+If set to
+.IR on ,
+the resolv+ library will attempt to prevent hostname spoofing to
+enhance the security of
+.BR rlogin  and  rsh .
+It works as follows: after performing a host address lookup, resolv+
+will perform a hostname lookup for that address.
+If the two hostnames
+do not match, the query will fail.
+The default value is
+.IR off .
+.TP
+.I spoofalert
+Valid values are
+.IR on  and  off .
+If this option is set to
+.I on
+and the
+.I nospoof
+option is also set, resolv+ will log a warning of the error via the
+syslog facility.
+The default value is
+.IR off .
+.TP
+.I spoof
+Valid values are
+.IR off ,  nowarn  and  warn .
+If this option is set to
+.IR off ,
+spoofed addresses are permitted and no warnings will be emitted
+via the syslog facility.
+If this option is set to
+.IR warn ,
+resolv+ will attempt to prevent hostname spoofing to
+enhance the security and log a warning of the error via the syslog
+facility.
+If this option is set to
+.IR nowarn ,
+the resolv+ library will attempt to prevent hostname spoofing to
+enhance the security but not emit warnings via the syslog facility.
+Setting this option to anything else is equal to setting it to
+.IR nowarn .
+.TP
+.B RESOLV_SPOOF_CHECK
+Overrides the
+.IR nospoof ,  spoofalert  and  spoof
+commands in the same way as the
+.I spoof
+command is parsed.
+Valid values are
+.IR off ,  nowarn  and  warn .
 .SH SEE ALSO
 .BR gethostbyname (3),
 .BR hosts (5),
-- 
2.1.4


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org