reopen 491809 thanks * Pierre Habouzit:
> Kaminsky agrees confirm the issue, so I can say for sure that the > glibc isn't vulnerable to the attack he describes, as it needs a > resolver that caches additionnal RRs, which the glibc doesn't do. > As of attacks that would use non randomized source port use, this is > addressed by recent kernels hence is fixed enough. I've trouble parsing what you wrote. Based on information provided at the DNS summit, I do think we should harden the glibc stub resolver. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]