Ruby random UDP port bind in DNS resolver

Lukas Zapletal lzap at redhat.com
Thu Oct 30 16:04:02 UTC 2014


Hello,

in our software (Foreman) we use the DNS resolver provided by the Ruby runtime.
This is some kind of optimized thread-safe resolver which ships with the
Ruby platform.

The problem I am facing is that this implementation binds a random UDP
port when a DNS request is sent. Here is the code bit:

https://github.com/ruby/ruby/blob/trunk/lib/resolv.rb#L651-L660

This is there from Ruby 1.8.7 until now (trunk) as far as I can tell.

Since any Ruby application can leverage this API and expect the same
behavior, I'd like to ask if you have encountered such an error in Fedora and
how you recommend solving this.

Have you experienced this kind of behavior with non-Ruby DNS clients?

Is it safe to allow UDP binds for all unprivileged ports?

How do I do this technically in my policy?

Thanks.

-- 
Later,
 Lukas #lzap Zapletal
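The behaviour the post describes, reproduced as an added example (not Foreman's code and not the Ruby standard library's resolv.rb itself): each resolver socket is bound to a freshly chosen unprivileged port before the query is sent, which is the source-port randomization a policy has to permit. The helper names, the loopback bind host and the retry limit are assumptions made for this example.

```ruby
require 'socket'

# Range of unprivileged ports the resolver draws from (constructed to match
# the 1024..65535 range used for non-root binds).
UNPRIVILEGED = (1024..65535)

# Bind the socket to a random unprivileged port, retrying only when the
# chosen port is already in use. A bind denied by policy raises
# Errno::EACCES instead, which is deliberately left to propagate so the
# denial is visible rather than masked by retries. Returns the bound port.
def bind_random_port(udpsock, bind_host = "127.0.0.1", attempts = 100)
  attempts.times do
    port = rand(UNPRIVILEGED)
    begin
      udpsock.bind(bind_host, port)
      return port
    rescue Errno::EADDRINUSE
      next # collision with a port already in use; pick another one
    end
  end
  raise "could not find a free UDP port after #{attempts} attempts"
end

# Bind n sockets the way the resolver would and report where they landed,
# showing that the port differs per socket and is not predictable.
def sample_ports(n = 5)
  socks = []
  Array.new(n) do
    s = UDPSocket.new
    socks << s
    bind_random_port(s)
  end
ensure
  socks.each(&:close) if socks
end

if __FILE__ == $0
  puts "resolver-style bound ports: #{sample_ports.inspect}"
end
```

Running it under a confining policy is the quickest check that the bind is allowed: a denial shows up as Errno::EACCES at the bind call rather than as a timed-out query.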
