Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Mar 2018 14:27:42 +0200
From: Quentin Rameau <quinq@...th.space>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] resolv.conf parser: concatenate multiple search
 domain lines

Hi William,

> Programs such as Docker and Kubernetes write multiple domain search
> lines, such as
> 
> search serious-business.big-data.prod.foo.com
> search big-data.prod.foo.com
> search prod.foo.com
> 
> instead of
> 
> search serious-business.big-data.prod.foo.com big-data.prod.foo.com
> prod.foo.com
> 
> Accordingly, we concatenate the namelist together so that the search
> path is not truncated.

I think this patch should be sent to Docker and Kubernetes instead of
pushing a mitigation for their bug in the libc.

According to documentation, “The domain and search keywords are
mutually exclusive.  If more than one instance of these keywords is
present, the last instance wins.”

This patch would break existing applications relying on documented
behaviour.

- Quentin

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ