Linux HackFest Series: Evil /etc/hosts file

Alex Dean alex at crackpot.org
Thu Dec 11 19:50:47 MST 2008


On Dec 10, 2008, at 12:27 PM, Lisa Kachold wrote:

> Trust is the basis for all security.
>
> The "evil" /etc/hosts file would look like this:
>
> # /etc/hosts
> 127.0.0.1   hostname localhost localhost.localdomain
>
> # end
>
> A good /etc/hosts file appears:
>
> # /etc/hosts
> 127.0.0.1   localhost localhost.localdomain
> 192.168.6.66   hostname
>
> # end

BTW, an /etc/hosts file like the first one will also mess up an Apache  
SSL virtual host for hostname.

Given something like this:
<VirtualHost *:443>
   ServerName hostname
</VirtualHost>

Apache will resolve 'hostname' to 127.0.0.1 when it starts up.  When a  
new SSL request comes in for 192.168.6.66, you've got breakage.

  sudo httpd -t -D DUMP_VHOSTS

will let you see how Apache has parsed your virtual hosts, and you  
would be able to see an SSL site reported as 127.0.0.1 in this  
situation.
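
Added example, not part of the original message: a shell check for the hosts-file layout discussed in this thread, reporting whether a given name resolves to a loopback address in a hosts file. The function name `check_hosts` and the two sample files are constructed for illustration; on a real machine you would run `check_hosts /etc/hosts "$(hostname)"`.

```shell
#!/bin/sh
# check_hosts FILE NAME
# Prints each address FILE maps NAME to and returns:
#   0  NAME maps only to non-loopback addresses (the "good" layout)
#   1  NAME maps to a loopback address (the "evil" layout)
#   2  NAME does not appear in FILE
check_hosts() {
    awk -v name="$2" '
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }                 # blank or address-only line
        {
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == tolower(name)) {
                    found = 1
                    loop = ($1 ~ /^127\./ || $1 == "::1")
                    if (loop) bad = 1
                    printf "%s -> %s%s\n", name, $1, (loop ? " (loopback)" : "")
                }
            }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample files mirroring the two layouts quoted in the thread.
tmp=$(mktemp -d)
printf '127.0.0.1   hostname localhost localhost.localdomain\n' > "$tmp/evil"
printf '127.0.0.1   localhost localhost.localdomain\n192.168.6.66   hostname\n' > "$tmp/good"

for f in evil good; do
    check_hosts "$tmp/$f" hostname && rc=0 || rc=$?
    echo "$f: exit $rc"
done
```

A non-zero exit for the machine's own hostname is the condition under which `httpd -t -D DUMP_VHOSTS` would show the SSL virtual host bound to 127.0.0.1.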