This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: DNS Resolver library testing

From: Ángel González <keisial at gmail dot com>
To: "Holliday, Robert" <rhollida at ciena dot com>
Cc: "libc-help at sourceware dot org" <libc-help at sourceware dot org>
Date: Sat, 22 Aug 2015 00:30:00 +0200
Subject: Re: DNS Resolver library testing
Authentication-results: sourceware.org; auth=none
References: <9B8F4BBDF8AAA54693083BC8753AE3A70AB642B9A8 at ONWVEXCHMB05 dot ciena dot com>

On 21/08/15 23:43, Holliday, Robert wrote:

Is there a contact with the GLIBC library, that would be willing to work with Codenomicon,
to scan the DNS Resolver library, and report the vulnerabilities to the GLIBC community,
which would help get them fixed and make the DNS library used more secure?

Please contact cross@codenomicon.com. They have worked with many other
open source projects to make them less vulnerable. I am not able to get the
DNS library scanned by them, they will only work with members of the GLIBC team.

Thanks.

If you already have the tool, and have already found

"many zero-day vulnerabilities" on it, why is the contact to codenomicon needed?

I mean, I welcome that it gets fuzzed and codenomicon offers that, but IMHO that should be *in addition* of reporting (and fixing) the vulnerabilities you already found, which should be step 1…

Follow-Ups:
- RE: DNS Resolver library testing
  - From: Holliday, Robert

References:
- RE: DNS Resolver library testing
  - From: Holliday, Robert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]