On Wed, 30 Apr 2014, Robert Marcano wrote:

What about domain and search lines? If NetworkManager will always use 127.0.0.1, it should still modify resolv.conf with the domain name received from DHCP

That's actually not always correct from a security point of view.

If you set your system do have domain "nohats.ca", and you "ssh bofh"
and then some DHCP changes the domain/search list, you might not be
going where you think you are going.

IMHO, DHCP should never touch the domain or search list _unless_ you are
connecting to a trusted network - where trusted for practical reasons is
defined as "you plug in a wire or use a wifi WPA secret to connect".

No open wifi should ever modify your search list. If it does that now,
it is a security bug.

Paul
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Reply via email to