Hello,

The man page for nss-myhostname:
http://www.freedesktop.org/software/systemd/man/nss-myhostname.html
suggests that myhostname should be used as the last entry in /etc/nsswitch.conf:

"It is recommended to put myhostname last in the nsswitch.conf line to make sure that this mapping is only used as fallback, and any DNS or /etc/hosts based mapping takes precedence."

This may be risky because an attacker that knows the system hostname and can control DNS query results (by MITM attacks, i.e. after breaking into a home gateway) is able to redirect requests to the local host to a machine under his control. For example, if I opened "http://mateusz-ubuntu:631" in a web browser, and logged in there, an attacker could gain access to my CUPS user password.

On the other hand, an attacker that is able to listen to DNS queries can get knowledge of the local hostname (because it usually does not contain any dots) and that way identify a person behind a particular IP address (and/or gain some knowledge of his software / hardware - for example my hostname is mateusz-ubuntu).

--
Greetings,
Mateusz Jończyk
AEI, Computer Science, Master's studies, semester 3, BDiIS

_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
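
Added example, not part of the original message or of systemd: a small audit helper that reads the "hosts:" line of an nsswitch.conf and reports which network-answered sources are consulted before myhostname, which is the ordering the message is concerned about. The function names, the NETWORK_SOURCES list and the sample configurations are assumptions made for illustration.

```python
import re

# NSS sources whose answers come from the network (assumed list, not exhaustive).
NETWORK_SOURCES = {"dns", "wins", "mdns", "mdns4", "mdns6",
                   "mdns_minimal", "mdns4_minimal", "mdns6_minimal"}

def hosts_sources(conf_text):
    """Return the ordered source names on the 'hosts:' line of nsswitch.conf."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        if not line.lower().startswith("hosts:"):
            continue
        spec = line.split(":", 1)[1]
        # Simplification: action items such as [NOTFOUND=return] are dropped,
        # only the lookup order of the sources is examined.
        spec = re.sub(r"\[[^\]]*\]", " ", spec)
        return [s.lower() for s in spec.split()]
    return []

def network_before_myhostname(conf_text):
    """List network sources consulted before myhostname.

    A non-empty result means an answer obtained over the network for the
    local hostname is used before the local mapping. If myhostname is not
    configured at all, every network source on the line is returned.
    """
    sources = hosts_sources(conf_text)
    end = sources.index("myhostname") if "myhostname" in sources else len(sources)
    return [s for s in sources[:end] if s in NETWORK_SOURCES]

# Constructed sample configurations.
MYHOSTNAME_LAST = "passwd: files\nhosts: files dns myhostname  # fallback only\n"
MYHOSTNAME_BEFORE_DNS = "hosts: files myhostname dns\n"
WITH_MDNS = "hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname\n"

if __name__ == "__main__":
    for name, conf in [("myhostname last", MYHOSTNAME_LAST),
                       ("myhostname before dns", MYHOSTNAME_BEFORE_DNS),
                       ("mdns + dns first", WITH_MDNS)]:
        print(name, "->", network_before_myhostname(conf) or "none")
```

On a live system the same check can be run on the contents of /etc/nsswitch.conf; "getent hosts <hostname>" shows which address the configured order actually returns.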
