Bug#789006: myhostname must not take precedence over dns

Sat, 20 Jun 2015 07:39:27 -0700 

Control: tags -1 confirmed patch

On Wed, 17 Jun 2015 01:59:59 +0100 Ben Hutchings <b...@decadent.org.uk> wrote:
> Package: libnss-myhostname
> Version: 220-5
> Severity: important
>
> libnss-myhostname not only resolves the configured hostname to local
> IP addresses, but also 'gateway' to all the gateways.  As the postinst
> inserts myhostname in /etc/nsswitch.conf ahead of dns, this overrides
> DNS reverse name lookup for the gateway.
>
> I just discovered this because it broke the SSH remote host filtering
> on one computer - the computer allowed to connect to it is also the
> gateway router, but it is now seen as 'gateway' and not the name it
> has in DNS.
>
> The manual page states clearly that this module should be used after
> dns; please follow this advice and put it last on the hosts line.

mymachines has the same problem.

Attached is a patch that adds them at the end instead of after files.

Saludos

diff --git a/debian/libnss-myhostname.postinst b/debian/libnss-myhostname.postinst
index dd1ee19..9fec7a3 100644
--- a/debian/libnss-myhostname.postinst
+++ b/debian/libnss-myhostname.postinst
@@ -15,17 +15,16 @@ insert_nss_entry() {
     fi
     perl -i -pe '
         sub insert {
+            my $line = shift;
             # this also splits on tab
-            my @bits=split(" ", shift);
+            my @bits=split(" ", $line);
             # do not break configuration if the "hosts" line already references
             # myhostname
             if (grep { $_ eq "myhostname"} @bits) {
-                return join " ", @bits;
+                return $line;
             }
-            # change "files" into "files myhostname"
-            return join " ", map {
-                $_ eq "files" ? ("$_","myhostname") : $_
-            } @bits;
+            # add myhostname at the end
+            return $line . " myhostname";
         }
         s/^(hosts:\s+)(.*)/$1.insert($2)/e;
     ' /etc/nsswitch.conf
diff --git a/debian/libnss-mymachines.postinst b/debian/libnss-mymachines.postinst
index 8c9dc02..f4b3f5c 100644
--- a/debian/libnss-mymachines.postinst
+++ b/debian/libnss-mymachines.postinst
@@ -15,17 +15,16 @@ insert_nss_entry() {
     fi
     perl -i -pe '
         sub insert {
+            my $line = shift;
             # this also splits on tab
-            my @bits=split(" ", shift);
+            my @bits=split(" ", $line);
             # do not break configuration if the "hosts" line already references
             # mymachines
             if (grep { $_ eq "mymachines"} @bits) {
-                return join " ", @bits;
+                return $line;
             }
-            # change "files" into "files mymachines"
-            return join " ", map {
-                $_ eq "files" ? ("$_","mymachines") : $_
-            } @bits;
+            # add mymachines at the end
+            return $line . " mymachines";
         }
         s/^(hosts:\s+)(.*)/$1.insert($2)/e;
     ' /etc/nsswitch.conf

Reply via email to