I can't imagine the effort involved in hardening all applications to
treat the hostname as untrusted input.

ISPs that sell vservers are really no different from Intel or AMD or
whoever makes your CPU -- you trust them completely and totally with
your data, your executables, and your entire operating environment. They
can inject anything they wish into your system's memory whenever they
wish.

Making sure the DHCP clients don't allow setting these kinds of
hostnames, however, might be a good idea. Enforcing the usual DNS
guidelines of a-zA-Z0-9-_ might be worthwhile.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507025

Title:
  Shell Command Injection with the hostname

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
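
The allow-list check suggested in the message above, as an added example that is not part of the original message or of any DHCP client's code. The function name valid_dhcp_hostname is hypothetical; the dot label separator, the 63/253 length limits and the no-leading-or-trailing-hyphen rule are assumptions borrowed from DNS, beyond the a-zA-Z0-9-_ set the message names.

```shell
#!/bin/sh
# Added example: decide whether a DHCP-supplied hostname is safe to apply.
# The body runs in a subshell "( ... )" so the LC_ALL, IFS and "set -f"
# changes below never leak into the calling script.
valid_dhcp_hostname() (
    LC_ALL=C            # byte-wise ranges and lengths, independent of locale
    name=$1

    # Empty names and names over 253 bytes are rejected (assumed DNS limit).
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1

    case $name in
        *[!A-Za-z0-9._-]*) return 1 ;;  # any byte outside the allow-list
        .*|*.|*..*)        return 1 ;;  # empty label: leading/trailing/double dot
    esac

    IFS=.               # split on the label separator only
    set -f              # no pathname expansion while splitting
    for label in $name; do
        # Per-label length limit (assumed DNS limit).
        [ "${#label}" -le 63 ] || return 1
        # A leading hyphen could be read as an option by a later command
        # (assumed rule, not stated in the message).
        case $label in
            -*|*-) return 1 ;;
        esac
    done
    return 0
)

# Constructed sample values, not taken from the bug report.
for candidate in 'build-01.example.com' 'web_2' 'name$(x)' 'a;b' '-rf' 'a..b' ''; do
    if valid_dhcp_hostname "$candidate"; then
        printf 'accept: %s\n' "$candidate"
    else
        printf 'reject: %s\n' "$candidate"
    fi
done
```

A client script would call this before applying the offered name and keep the current hostname when the check fails.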
