1577265 – nospoof, spoof, and spoofalert were not implemented and apparently removed. (2022)

Description Peter E. 2018-05-11 14:58:48 UTC

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Build Identifier:

According to the man page for host.conf (5) - http://man7.org/linux/man-pages/man5/host.conf.5.html it states:

    Since glibc 2.0.7, the following keywords and environment variable have been recognized but never implemented:

    nospoof
        Valid values are on and off. If set to on, the resolver library will attempt to prevent hostname spoofing to enhance the security of rlogin and rsh. It works as follows: after performing a host address lookup, the resolver library will perform a hostname lookup for that address. If the two hostnames do not match, the query fails. The default value is off.

    spoofalert
        Valid values are on and off. If this option is set to on and the nospoof option is also set, the resolver library will log a warning of the error via the syslog facility. The default value is off.

    spoof
        Valid values are off, nowarn, and warn. If this option is set to off, spoofed addresses are permitted and no warnings will be emitted via the syslog facility. If this option is set to warn, the resolver library will attempt to prevent hostname spoofing to enhance the security and log a warning of the error via the syslog facility. If this option is set to nowarn, the resolver library will attempt to prevent hostname spoofing to enhance the security but not emit warnings via the syslog facility. Setting this option to anything else is equal to setting it to nowarn.

Many users may have added nospoof to their /etc/host.conf file and this was simply ignored up until RHEL 7.4. But is now reporting an invalid command as of RHEL 7.5.

/etc/host.conf: line 6: bad command `nospoof on'

This can cause a few issues on the server that will only be corrected by commenting out that line (or removing it). The man pages should probably be updated to remove those since they are no longer valid.

Reproducible: Always

Steps to Reproduce:
1. Have a RHEL 7.4 server and add "nospoof on" (sans quotes) to the /etc/host.conf file if it doesn't already exist.
2. update to 7.5
3. watch that error appear with many of the commands you try to execute.

Actual Results:
Saw the error with several commands.
yum update
wget https://someurl
etc.

Expected Results:
No errors are expected.

Related reference from the man-pages project change-log
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773443
http://man7.org/linux/man-pages/changelog.html (search the page for "host.conf")

It seems that the nospoof command was never fully implemented despite being included in the manpage for /etc/host.conf. It was then entirely removed from the source code, which is now resulting in the errors that we're seeing with it.

https://www.pclinuxos.com/forum/index.php?topic=143487.0
https://bugs.centos.org/view.php?id=14762
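Added example (not part of the bug report and not Red Hat or glibc code): a small audit for the remedy the description names, finding host.conf lines that use nospoof, spoof or spoofalert and commenting them out. The function names, the constructed sample file, and the assumption that keywords match case-insensitively and that `#` starts a comment are this example's own.

```python
# Keywords this bug report is about: ignored through RHEL 7.4,
# reported as "bad command" from RHEL 7.5 on.
REMOVED = ("nospoof", "spoof", "spoofalert")

# Constructed sample, laid out so the offending line is line 6,
# matching the error message quoted in the report.
SAMPLE = (
    "# constructed sample /etc/host.conf\n"
    "multi on\n"
    "reorder off\n"
    "\n"
    "# legacy hardening lines\n"
    "nospoof on\n"
    "spoofalert on\n"
)

def keyword_of(line):
    """First word of a line with any '#' comment stripped, or None."""
    body = line.split("#", 1)[0].split()
    return body[0].lower() if body else None

def find_removed_keywords(text):
    """Return [(line_number, keyword)] for every line using a removed keyword."""
    return [
        (number, keyword_of(line))
        for number, line in enumerate(text.splitlines(), start=1)
        if keyword_of(line) in REMOVED
    ]

def comment_out_removed(text):
    """Return the file text with the offending lines commented out."""
    fixed = []
    for line in text.splitlines(keepends=True):
        fixed.append("# " + line if keyword_of(line) in REMOVED else line)
    return "".join(fixed)

if __name__ == "__main__":
    for number, keyword in find_removed_keywords(SAMPLE):
        print(f"line {number}: {keyword} is no longer accepted")
    print(comment_out_removed(SAMPLE), end="")
```

Run against the real file by passing the contents of /etc/host.conf instead of SAMPLE; the script itself writes nothing back.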

Comment 2 Ondrej Vasik 2018-05-14 07:39:14 UTC

host.conf (5) manpage is part of man-pages package... Reassigning, as none of these is part of default host.conf coming with setup package.

Comment 3 Nikola Forró 2018-05-24 12:26:47 UTC

Created attachment 1441042 [details]
host.conf.5: clarify glibc versions in which spoof options were recognized

Comment 4 Nikola Forró 2018-05-24 12:29:07 UTC

Peter, is this change sufficient?

Comment 5 Peter E. 2018-05-25 12:53:24 UTC

Hello Nikola, Yes, that should suffice. Thank you.

(In reply to Nikola Forró from comment #4)
> Peter, is this change sufficient?

Comment 13 Jan Houska 2018-08-17 12:48:48 UTC

VERIFIED

New PASS
man-pages-overrides-7.6.1-3.el7.

In 'man host.conf'
I agree with Comment 10. The Description is now consistent. Also close description of the mentioned options is now sane.

"""
DESCRIPTION
    The file /etc/host.conf contains configuration information specific to the resolver library. It should contain one configuration keyword per line, followed by appropriate configuration information. The keywords recognized are trim, multi, and reorder. These keywords are described below.

    trim
        This keyword may be listed more than once. Each time it should be followed by a list of domains, separated by colons (':'), semicolons (';') or commas (','), with the leading dot. When set, the resolv+ library will automatically trim the given domain name from the end of any hostname resolved via DNS. This is intended for use with local hosts and domains. (Related note: trim will not affect hostnames gathered via NIS or the hosts file. Care should be taken to ensure that the first hostname for each entry in the hosts file is fully qualified or unqualified, as appropriate for the local installation.)

    multi
        Valid values are on and off. If set to on, the resolv+ library will return all valid addresses for a host that appears in the /etc/hosts file, instead of only the first. This is on by default. On systems with DNS, hosts files are much smaller and the performance loss of multiple search is negligible. On sites with large hosts files, turning it on may cause a substantial performance loss.

    reorder
        Valid values are on and off. If set to on, resolv+ will attempt to reorder host addresses so that local addresses (i.e., on the same subnet) are listed first when a gethostbyname(3) is performed. Reordering is done for all lookup methods. The default value is off.
"""
"..."""

OLD Fail:
man-pages-overrides-7.5.2-1.el7

"""
DESCRIPTION
    The file /etc/host.conf contains configuration information specific to the resolver library. It should contain one configuration keyword per line, followed by appropriate configuration information. The keywords recognized are trim, multi, nospoof, spoof, and reorder. These keywords are described below.

    trim
        This keyword may be listed more than once. Each time it should be followed by a list of domains, separated by colons (':'), semicolons (';') or commas (','), with the leading dot. When set, the resolv+ library will automatically trim the given domain name from the end of any hostname resolved via DNS. This is intended for use with local hosts and domains. (Related note: trim will not affect hostnames gathered via NIS or the hosts file. Care should be taken to ensure that the first hostname for each entry in the hosts file is fully qualified or unqualified, as appropriate for the local installation.)

    multi
        Valid values are on and off. If set to on, the resolv+ library will return all valid addresses for a host that appears in the /etc/hosts file, instead of only the first. This is on by default. On systems with DNS, hosts files are much smaller and the performance loss of multiple search is negligible. On sites with large hosts files, turning it on may cause a substantial performance loss.

    nospoof
        Valid values are on and off. If set to on, the resolv+ library will attempt to prevent hostname spoofing to enhance the security of rlogin and rsh. It works as follows: after performing a host address lookup, resolv+ will perform a hostname lookup for that address. If the two hostnames do not match, the query will fail. The default value is off.

    spoofalert
        Valid values are on and off. If this option is set to on and the nospoof option is also set, resolv+ will log a warning of the error via the syslog facility. The default value is off.

    spoof
        Valid values are off, nowarn and warn. If this option is set to off, spoofed addresses are permitted and no warnings will be emitted via the syslog facility. If this option is set to warn, resolv+ will attempt to prevent hostname spoofing to enhance the security and log a warning of the error via the syslog facility. If this option is set to nowarn, the resolv+ library will attempt to prevent hostname spoofing to enhance the security but not emit warnings via the syslog facility. Setting this option to anything else is equal to setting it to nowarn.

    reorder
        Valid values are on and off. If set to on, resolv+ will attempt to reorder host addresses so that local addresses (i.e., on the same subnet) are listed first when a gethostbyname(3) is performed. Reordering is done for all lookup methods. The default value is off.
"""
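Added example (not part of this comment, and not glibc code): the forward-then-reverse check that the old man page text attributes to nospoof, done in the application since the resolver library never performed it. `checked_lookup`, `HostnameMismatch`, the fake resolver functions and the records under example.test are hypothetical and constructed for this illustration.

```python
import socket

class HostnameMismatch(Exception):
    """Forward and reverse lookups disagree (name chosen for this example)."""

def norm(name):
    # Compare names case-insensitively and without a trailing root dot.
    return name.rstrip(".").lower()

def checked_lookup(hostname, forward=socket.gethostbyname_ex,
                   reverse=socket.gethostbyaddr):
    """Resolve hostname, then require every address to map back to it."""
    canonical, _aliases, addrs = forward(hostname)
    wanted = {norm(hostname), norm(canonical)}
    for addr in addrs:
        try:
            rname, raliases, _ = reverse(addr)
        except (socket.herror, socket.gaierror) as exc:
            # No reverse record at all is treated as a failed check.
            raise HostnameMismatch(f"{hostname}: {addr} has no reverse name") from exc
        if not wanted & {norm(rname), *map(norm, raliases)}:
            raise HostnameMismatch(f"{hostname} -> {addr} -> {rname}")
    return addrs

# Constructed records standing in for DNS so the example runs offline.
FWD = {
    "build.example.test": ("build.example.test", [], ["192.0.2.10"]),
    "files.example.test": ("files.example.test", [], ["192.0.2.20"]),
    "noptr.example.test": ("noptr.example.test", [], ["192.0.2.30"]),
}
REV = {
    "192.0.2.10": ("build.example.test.", [], ["192.0.2.10"]),
    "192.0.2.20": ("other.example.test", [], ["192.0.2.20"]),
}

def fake_forward(name):
    return FWD[name]

def fake_reverse(addr):
    if addr not in REV:
        raise socket.herror(1, "Unknown host")
    return REV[addr]

def demo(hostname):
    """Return the verified addresses, or None when the check fails."""
    try:
        return checked_lookup(hostname, fake_forward, fake_reverse)
    except HostnameMismatch:
        return None
```

Called with its default arguments, `checked_lookup` uses the system resolver; the check is only as trustworthy as the reverse zone it consults.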

Comment 16 errata-xmlrpc 2018-10-30 11:34:51 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3254
