This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/13935] getaddrinfo NXDOMAIN hijack exploit for hosts with two-component hostnames
- From: "nagle at sitetruth dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Fri, 24 Aug 2012 16:46:14 +0000
- Subject: [Bug network/13935] getaddrinfo NXDOMAIN hijack exploit for hosts with two-component hostnames
- Auto-submitted: auto-generated
- References: <bug-13935-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13935
--- Comment #4 from John Nagle <nagle at sitetruth dot com> 2012-08-24 16:46:14 UTC ---
This bug was filed before the vast expansion of TLDs. There may be new
exploits possible once there are hundreds of new TLDs. One implication of all
the new TLDs is that single-word domains (especially corporate domains, like
WALMART) may have to be resolved on a routine basis.
This has been discussed in the browser community, but it has implications here,
too.
I'm not sure what to do here, but someone needs to be coming up with a standard
solution to this.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.