[Bug 1588230] Re: systemd-resolved uses domain limited DNS servers for all requests potentially a privacy issue
Launchpad Bug Tracker
1588230 at bugs.launchpad.net
Fri Sep 30 06:30:14 UTC 2016
This bug was fixed in the package systemd - 231-9
---------------
systemd (231-9) unstable; urgency=medium
* pid1: process zero-length notification messages again.
Just remove the assertion, the "n" value was not used anyway. This fixes
a local DoS due to unprocessed/unclosed fds which got introduced by the
previous fix. (Closes: #839171) (LP: #1628687)
* pid1: Robustify manager_dispatch_notify_fd()
* test/networkd-test.py: Add missing writeConfig() helper function.
-- Martin Pitt <martin.pitt at ubuntu.com> Thu, 29 Sep 2016 23:39:24
+0200
** Changed in: systemd (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1588230
Title:
systemd-resolved uses domain limited DNS servers for all requests
potentially a privacy issue
Status in systemd:
New
Status in systemd package in Ubuntu:
Fix Released
Bug description:
When configuring a DNS server for a link for specific domains (via the
Domains= ~foo syntax) systemd-resolved correctly routes requests for
those domains to that DNS server. However even without ~. on the list
it also routes all other requests there (and in parallel to the
primary servers) appearing to pick the fastest responder. This (to my
mind) represents a privacy issue as requests that that DNS server is
not intended to see are routed there.
I would have expected the ~. syntax to allow me to request this
behaviour and in its absence to not see general requests routed to
these servers.
To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1588230/+subscriptions
More information about the foundations-bugs
mailing list