hesiod
A couple of potential security bugs
Hi, I got a couple of bug reports today that affect the client library. #1332508 is largely about checks that we have around getenv() no longer being sufficient, and #1332493 is about avoiding inadvertently switching to querying MIT's hesiod data.
I've got a proposed patch attached to each, and can open PRs for merging them, but if you'd prefer a different approach, I'm happy to rework them or wait.
Patch in #1332508 looks good as-is, submit a PR.
#1153517 I am not so sure about. Hesiod fundamentally does not support DNSSEC; root accounts/injection should be prevented by using something like nss_nonlocal. I'd say submit a separate PR for it, but I'll have to involve some other MIT Athena people for comment before merging it.
Okay, will do. Thanks!