https://bugzilla.redhat.com/show_bug.cgi?id=874942 Bug ID: 874942 QA Contact: extras-qa@xxxxxxxxxxxxxxxxx Severity: high External Bug URL: http://rt.cpan.org/Public/ Version: rawhide Priority: unspecified CC: mmaslano@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, psabata@xxxxxxxxxx Assignee: mmaslano@xxxxxxxxxx Summary: Net-DNS: system configuration is used instead of user's Regression: --- Story Points: --- Classification: Fedora OS: Unspecified Reporter: mmaslano@xxxxxxxxxx Type: Bug Documentation: --- Hardware: Unspecified Mount Type: --- Status: NEW Component: perl-Net-DNS Product: Fedora External Bug ID: CPAN 67602 If I define my own configuration file, system files are used, which could be security issue. Example: My configuration file is defined as: my $res = Net::DNS::Resolver->new(config_file => '/my/dns.conf'); These files are read even if I defined my own file: /etc/resolv.conf $HOME/.resolv.conf ./.resolv.conf Last 2 files shouldn't be read by default since it's possible security issue - user can drop .resolv.conf pointing to malicious dns server. This issue was found during testing spamassassin with selinux. For details see: https://bugzilla.redhat.com/sh ow_bug.cgi?id=628866#c2 I'm reporting this error back into our bugzilla because of last comment in rt: I think the level of this PR should be elevated to 'security'. -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
