[Xymon] Hostname validation (was Re: Xymon 4.3.29 Released - Important Security Update)
Axel Beckert
abe at deuxchevaux.org
Mon Aug 5 23:48:04 CEST 2019
Hi,
On Mon, Aug 05, 2019 at 05:21:33PM -0400, Richard L. Hamilton wrote:
> Seems to me that underscore is mainly a problem with address 0.0.0.0
> in hosts.cfg (name to IP address resolution via host naming
> services, esp. if that ends up being DNS). If an IP address in
> hosts.cfg is used, and the hostname there isn't used in some other
> way, I don't guess it would matter.
Hmmm, indeed
https://en.wikipedia.org/wiki/Domain_Name_System#Domain_name_syntax,_internationalization
as well as RFC 608, 810 and 952 say that no other characters than
letters, digits and hyphens are allowed.
I'm though quite sure to already have seen hostnames with underscore
and even a slash in the wild. The latter was though about 20 years ago
or so where I saw router names of a university with a slash in their
hostname.
Traces of hostnames with slashes can also be found on the web, e.g.
https://serverfault.com/questions/963735/syslog-ng-hostnames-with-slashes
And underscore is explicitly mentioned in
https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_hostnames
So IMHO while not being standard-compliant hostnames, Xymon should
accept at least hostnames with underscore, too.
On the other hand, I don't think, it's necessary to also add the slash
to the list of valid characters for hostnames as the dot is already in
there, too, and hostnames which are allowed to contain "/../" are
definitely no good. :-)
Kind regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
More information about the Xymon
mailing list