DNS caching disabled for 12.10...still
Daniel J Blueman
daniel at quora.org
Mon Oct 8 14:06:10 UTC 2012
On 8 October 2012 13:24, Jordon Bedwell <jordon at envygeeks.com> wrote:
> On Sun, Oct 7, 2012 at 10:47 PM, Daniel J Blueman <daniel at quora.org> wrote:
>> Can you elaborate the specific reasons/mechanisms why without per-user
>> caching, dnsmasq is still a security weakness? At least these views
>> should be shared upstream so we can work on resolving the issues.
>
> It's a subjective security issue IMO. Pretty flawed in some cases, in
> others it sounds like the guy who only pokes the bear while it's in
> the cage and if the cage is nowhere to be found then it's game over,
> won't even go near it. What I am saying is for the average user it's
> a case of why are you letting them on your PC at all if you do not
> have a single ounce of trust and absolutely need per-user caching
> because you fear they will attempt to poison you. For other
> environments it's another situation but those environments are the
> rule apparently and not the exception... even though they are the
> minority IMO.
Subjective of not, there was a list of reasons which will added up to
"let's disable it"; I really think we should get this list
(particularly since upstream and other distros allow the caching) and
reevaluate. It's too late for the release, sure.
Anyone?
Daniel
--
Daniel J Blueman
More information about the Ubuntu-devel-discuss
mailing list