On 03/10/2015 12:27 AM, Stéphane Aulery wrote: > Move descriptions to historical section and reorder it for clarity Thanks, Stéphane. Applied. But please make patch titles shorter (<72 chars) --move text to the body of the commit message as needed. Thanks, Michael > Debian Bug #773443 reported by ygrex@xxxxxxxx > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773443 > Signed-off-by: Stéphane Aulery <saulery@xxxxxxx> > --- > man5/host.conf.5 | 125 ++++++++++++++++++++++++++++--------------------------- > 1 file changed, 63 insertions(+), 62 deletions(-) > > diff --git a/man5/host.conf.5 b/man5/host.conf.5 > index 9ff2ed3..08da435 100644 > --- a/man5/host.conf.5 > +++ b/man5/host.conf.5 > @@ -66,52 +66,6 @@ This is > by default, as it may cause a substantial performance loss at sites > with large hosts files. > .TP > -.I nospoof > -Valid values are > -.IR on " and " off . > -If set to > -.IR on , > -the resolv+ library will attempt to prevent hostname spoofing to > -enhance the security of > -.BR rlogin " and " rsh . > -It works as follows: after performing a host address lookup, resolv+ > -will perform a hostname lookup for that address. > -If the two hostnames > -do not match, the query will fail. > -The default value is > -.IR off . > -.TP > -.I spoofalert > -Valid values are > -.IR on " and " off . > -If this option is set to > -.I on > -and the > -.I nospoof > -option is also set, resolv+ will log a warning of the error via the > -syslog facility. > -The default value is > -.IR off . > -.TP > -.I spoof > -Valid values are > -.IR off ", " nowarn " and " warn . > -If this option is set to > -.IR off , > -spoofed addresses are permitted and no warnings will be emitted > -via the syslog facility. > -If this option is set to > -.IR warn , > -resolv+ will attempt to prevent hostname spoofing to > -enhance the security and log a warning of the error via the syslog > -facility. > -If this option is set to > -.IR nowarn , > -the resolv+ library will attempt to prevent hostname spoofing to > -enhance the security but not emit warnings via the syslog facility. > -Setting this option to anything else is equal to setting it to > -.IR nowarn . > -.TP > .I reorder > Valid values are > .IR on " and " off . > @@ -133,15 +87,6 @@ override the behavior which is configured in > If set, this variable points to a file that should be read instead of > .IR /etc/host.conf . > .TP > -.B RESOLV_SPOOF_CHECK > -Overrides the > -.IR nospoof ", " spoofalert " and " spoof > -commands in the same way as the > -.I spoof > -command is parsed. > -Valid values are > -.IR off ", " nowarn " and " warn . > -.TP > .B RESOLV_MULTI > Overrides the > .I multi > @@ -184,6 +129,10 @@ can take arguments like > .IR off ", " nowarn " and " warn . > Line comments can appear anywhere and not only at the beginning of a line. > .SS Historical > +The > +.BR nsswitch.conf (5) > +file is the modern way of controlling the order of host lookups. > +.PP > In glibc 2.4 and earlier, the following keyword is recognized: > .TP > .I order > @@ -191,15 +140,67 @@ This keyword specifies how host lookups are to be performed. > It should be followed by one or more lookup methods, separated by commas. > Valid methods are > .IR bind ", " hosts ", and " nis . > -The > +.TP > .B RESOLV_SERV_ORDER > -environment variable could be used to override the > -.I order > -command. > +Overrides the order command. > .PP > -The > -.BR nsswitch.conf (5) > -file is the modern way of controlling the order of host lookups. > +Since glibc 2.0.7, the following keywords and environment variable have > +been recognized but never implemented: > +.TP > +.I nospoof > +Valid values are > +.IR on " and " off . > +If set to > +.IR on , > +the resolv+ library will attempt to prevent hostname spoofing to > +enhance the security of > +.BR rlogin " and " rsh . > +It works as follows: after performing a host address lookup, resolv+ > +will perform a hostname lookup for that address. > +If the two hostnames > +do not match, the query will fail. > +The default value is > +.IR off . > +.TP > +.I spoofalert > +Valid values are > +.IR on " and " off . > +If this option is set to > +.I on > +and the > +.I nospoof > +option is also set, resolv+ will log a warning of the error via the > +syslog facility. > +The default value is > +.IR off . > +.TP > +.I spoof > +Valid values are > +.IR off ", " nowarn " and " warn . > +If this option is set to > +.IR off , > +spoofed addresses are permitted and no warnings will be emitted > +via the syslog facility. > +If this option is set to > +.IR warn , > +resolv+ will attempt to prevent hostname spoofing to > +enhance the security and log a warning of the error via the syslog > +facility. > +If this option is set to > +.IR nowarn , > +the resolv+ library will attempt to prevent hostname spoofing to > +enhance the security but not emit warnings via the syslog facility. > +Setting this option to anything else is equal to setting it to > +.IR nowarn . > +.TP > +.B RESOLV_SPOOF_CHECK > +Overrides the > +.IR nospoof ", " spoofalert " and " spoof > +commands in the same way as the > +.I spoof > +command is parsed. > +Valid values are > +.IR off ", " nowarn " and " warn . > .SH SEE ALSO > .BR gethostbyname (3), > .BR hosts (5), > -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/ -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
