This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/984] Respond to changed resolv.conf in gethostbyname
- From: "karl at thefrenches dot us" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 12 Aug 2016 13:25:33 +0000
- Subject: [Bug network/984] Respond to changed resolv.conf in gethostbyname
- Auto-submitted: auto-generated
- References: <bug-984-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=984
--- Comment #15 from Karl <karl at thefrenches dot us> ---
Any update?
This bug is now 11 years old and injects false notions into POSIX-compliant
code.
Caching the resolver should be avoided at all costs. There are methods to cache
the name lookups which should be used, but caching the resolver results in bad
results with Network Manager (installed by default by Red Hat) and any
modifications to the resolv.conf name servers.
The only way to address this currently is to reboot the server anytime the
resolver is modified. This is not practical and, again, Network Manager will
modify it after boot. I've already proven that nscd and sssd do not address
this break.
There's also a very real exploit here. A hacker could gain the ability to
modify the resolv.conf, restart apache, sendmail, or other app which is caching
the resolver information, place back the original resolv.conf and now use their
name servers to route web or smtp traffic to their sites.
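An added example, not part of the bug report or of glibc: one way a long-running daemon can avoid the stale resolver state described in the comment above is to check the resolver configuration file before lookups and call `res_init()` when it has changed. The names `conf_stamp`, `stamp_differs` and `refresh_resolver` are hypothetical.

```c
#define _DEFAULT_SOURCE 1
#include <resolv.h>
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical helper type: stat() snapshot of the resolv.conf last loaded. */
struct conf_stamp {
    int valid;
    struct stat st;
};

/* Compare identity, size and both timestamps. ctime still moves when an
 * edited file is put back and its mtime is reset. */
static int stamp_differs(const struct conf_stamp *s, const struct stat *now)
{
    const struct stat *old = &s->st;
    return !s->valid || old->st_dev != now->st_dev ||
           old->st_ino != now->st_ino || old->st_size != now->st_size ||
           old->st_mtim.tv_sec != now->st_mtim.tv_sec ||
           old->st_mtim.tv_nsec != now->st_mtim.tv_nsec ||
           old->st_ctim.tv_sec != now->st_ctim.tv_sec ||
           old->st_ctim.tv_nsec != now->st_ctim.tv_nsec;
}

/* Returns 1 if the file changed and res_init() ran, 0 if unchanged,
 * -1 if the file could not be examined or res_init() failed.
 * res_init() always reads the system configuration; `path` is a parameter
 * only so the change check can be exercised against a test file. */
int refresh_resolver(const char *path, struct conf_stamp *s)
{
    struct stat now;
    if (stat(path, &now) != 0)
        return -1;
    if (!stamp_differs(s, &now))
        return 0;
    if (res_init() != 0)
        return -1;
    s->st = now;
    s->valid = 1;
    return 1;
}

int main(void)
{
    struct conf_stamp stamp = {0};
    /* A daemon would call this before each lookup, or on a timer. */
    int rc = refresh_resolver("/etc/resolv.conf", &stamp);
    printf("refresh_resolver: %d\n", rc);
    return rc < 0;
}
```

A return value of 1 after startup is also worth logging, since it records when the resolver configuration changed under a running service.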