This is the mail archive of the
mailing list for the glibc project.
Re: DNS Resolver library testing
- From: Ángel González <keisial at gmail dot com>
- To: "Holliday, Robert" <rhollida at ciena dot com>
- Cc: "libc-help at sourceware dot org" <libc-help at sourceware dot org>
- Date: Sat, 22 Aug 2015 00:30:00 +0200
- Subject: Re: DNS Resolver library testing
- Authentication-results: sourceware.org; auth=none
- References: <9B8F4BBDF8AAA54693083BC8753AE3A70AB642B9A8 at ONWVEXCHMB05 dot ciena dot com>
On 21/08/15 23:43, Holliday, Robert wrote:
> Is there a contact with the GLIBC library that would be willing to work with Codenomicon
> to scan the DNS Resolver library and report the vulnerabilities to the GLIBC community,
> which would help get them fixed and make the DNS library used more secure?
> Please contact email@example.com. They have worked with many other
> open source projects to make them less vulnerable. I am not able to get the
> DNS library scanned by them; they will only work with members of the GLIBC team.

If you already have the tool, and have already found
"many zero-day vulnerabilities" on it, why is the contact to Codenomicon needed?
I mean, I welcome that it gets fuzzed and Codenomicon offers that, but IMHO that should be *in addition* to reporting (and fixing) the vulnerabilities you already found, which should be step 1…