On Wed, 2014-04-30 at 13:22 -0400, Paul Wouters wrote: > On Wed, 30 Apr 2014, Robert Marcano wrote: > > > What about domain and search lines? If NetworkManager will always use > > 127.0.0.1, it should still modify resolv.conf with the domain name received > > from DHCP > > That's actually not always correct from a security point of view. > > If you set your system do have domain "nohats.ca", and you "ssh bofh" > and then some DHCP changes the domain/search list, you might not be > going where you think you are going. > > IMHO, DHCP should never touch the domain or search list _unless_ you are > connecting to a trusted network - where trusted for practical reasons is > defined as "you plug in a wire or use a wifi WPA secret to connect". Untrusted networks use WPA too, like coffee shops that don't leave the network open, but write the WPA key on the chalkboard menu or print it on standup cards at the tables. I've seen quite a few of these. There's really no guessing what's trusted/not-trusted unless you're using 802.1x/WPA Enterprise, or if the user has told you explicitly to trust this network. Dan -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
