[Bug 874942] New: Net-DNS: system configuration is used instead of user's
bugzilla at redhat.com
bugzilla at redhat.com
Fri Nov 9 07:01:59 UTC 2012
https://bugzilla.redhat.com/show_bug.cgi?id=874942
Bug ID: 874942
QA Contact: extras-qa at fedoraproject.org
Severity: high
External Bug URL: http://rt.cpan.org/Public/
Version: rawhide
Priority: unspecified
CC: mmaslano at redhat.com,
perl-devel at lists.fedoraproject.org, psabata at redhat.com
Assignee: mmaslano at redhat.com
Summary: Net-DNS: system configuration is used instead of
user's
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: mmaslano at redhat.com
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: perl-Net-DNS
Product: Fedora
External Bug ID: CPAN 67602
If I define my own configuration file, system files are used, which could be
security issue. Example: My configuration file is defined as: my $res =
Net::DNS::Resolver->new(config_file => '/my/dns.conf'); These files are read
even if I defined my own file: /etc/resolv.conf $HOME/.resolv.conf
./.resolv.conf Last 2 files shouldn't be read by default since it's possible
security issue - user can drop .resolv.conf pointing to malicious dns server.
This issue was found during testing spamassassin with selinux. For details see:
https://bugzilla.redhat.com/sh ow_bug.cgi?id=628866#c2
I'm reporting this error back into our bugzilla because of last comment in rt:
I think the level of this PR should be elevated to 'security'.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the perl-devel
mailing list