Comment 26 for bug 32906

Dorin Lazăr (dorin-lazar) wrote : Re: sudo shouldn’t ABSOLUTELY NEED to look up the host it’s running on

Just because applications like gnome-terminal or mc are broken doesn't mean that on your local box there should definitely be no resolving done. Or if there is some kind of resolving done, resolve 127.0.0.1 or localhost (just to be not so IP-minded).
But I see NO reason for sudo to do any DNS resolving unless necessary. And it's not necessary for any kind of local work. There is no sane use-case for sudo to resolve the localhost unless enforced by policy, but even then the policy is wrong.
Why is it wrong? You're on your local machine, you definitely need no network working, there definitely shouldn't be ANY networking done, and any networking done during local privileges raising should be seen as a security threat.
mc is wrong to resolve hostnames during startup because, well, it doesn't start with a network view. gnome-terminal is simply broken if it needs to resolve any kind of hostname during startup.
Just because it's a general solution doesn't mean it's a good solution. What's local should stay local, and I might suspect a security flaw in sudo if it does DNS resolving for localhost :)