[Bug 2516] ssh client shouldn't trust the DNS AD bit blindly

bugzilla-daemon at bugzilla.mindrot.org
Sat Dec 12 11:56:12 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2516

--- Comment #2 from scott-mindrot at shambarger.net ---
The ssh process (through libresolv, libldns or whatever) is
processing a DNS packet from an untrusted third-party resolver (it
sends and receives DNS packets directly with the resolv.conf server, e.g.
coffee shop router)... not sure who else is supposed to decide that the
AD bit is untrusted at that point?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
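
An added example (not part of the bug comment and not OpenSSH's code) showing that the AD bit discussed above is a single flag in the unauthenticated DNS header, so its value is only as trustworthy as the path to the resolver that sent the packet. The loopback-only policy, the function names and the sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

#define DNS_HDR_LEN 12
#define DNS_QR 0x80 /* header byte 2: message is a response */
#define DNS_AD 0x20 /* header byte 3: "authenticated data" flag */

/* Constructed sample: ID 0x1234, flags 0x81a0 (QR RD RA AD), 1 question, 1 answer. */
static const unsigned char sample_hdr[DNS_HDR_LEN] = {
    0x12, 0x34, 0x81, 0xa0, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00
};

/* 1 if pkt is a response with AD set, 0 if not, -1 if shorter than a DNS header. */
int dns_ad_bit_set(const unsigned char *pkt, size_t len)
{
    if (pkt == NULL || len < DNS_HDR_LEN)
        return -1;
    return (pkt[2] & DNS_QR) && (pkt[3] & DNS_AD);
}

/* 1 if addr is in 127.0.0.0/8 or is ::1, otherwise 0 (including unparsable input). */
int resolver_is_loopback(const char *addr)
{
    static const unsigned char v6_loopback[16] = { [15] = 1 };
    struct in_addr a4;
    struct in6_addr a6;

    if (inet_pton(AF_INET, addr, &a4) == 1)
        return (ntohl(a4.s_addr) >> 24) == 127;
    if (inet_pton(AF_INET6, addr, &a6) == 1)
        return memcmp(a6.s6_addr, v6_loopback, sizeof(v6_loopback)) == 0;
    return 0;
}

/* Hypothetical policy: honour AD only when the resolver is on the local host. */
int ad_is_trustworthy(const unsigned char *pkt, size_t len, const char *resolver)
{
    return dns_ad_bit_set(pkt, len) == 1 && resolver_is_loopback(resolver);
}

int main(void)
{
    printf("192.168.1.1: %d\n", ad_is_trustworthy(sample_hdr, sizeof(sample_hdr), "192.168.1.1"));
    printf("127.0.0.1:   %d\n", ad_is_trustworthy(sample_hdr, sizeof(sample_hdr), "127.0.0.1"));
    return 0;
}
```

The same header bytes are accepted or rejected purely on where they came from, because nothing in the packet itself proves that validation took place.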

