On Wed, 18 Aug 2004, RSnake wrote:
I know this is pretty trivial, but I haven't seen anyone write anything
about this. I'm not sure how useful it really is as an attack vector, but:
"http://www.google.com./"; is a valid url in browsers (with the dot at the
end).
[ snip ]
As a side
note, nslookup and traceroute both ignored the trailing period, which actually
is okay behavior, but also makes them candidates if this sort of check is
performed before they are run with a system call.... Yup, as I said, pretty
trivial.
I think it should be pointed out that especially these tools (nslookup,
traceroute, etc.) are not "ignoring" the period. The trailing dot in a
domain name has a very specific meaning as the root domain. It
signifies that the end of the domain in question is really the end.
some.domain could also be subject to adding domain search suffixes.
some.domain. is literally some.domain.
Put another way, if mydomain.com is in your domain search path, then
if you look up myhost, it will fail by itself but succeed as
myhost.mydomain.com.
myhost. will fail, as mydomain.com will not be added to the end.
In any event. These things are all handled by the dns lookup
subsystems, usually not by the actual applications. They will just use
gethostbyname() or what have you, and it will do the rest.
(This is a user/app view of the trailing dot, not a dns zone file type
view where it affects whether to add the origin or not, but the meaning
is the same).
-R
The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to
this email by anyone else is unauthorized. If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.
--
:wq
