
List:       fedora-selinux-list
Subject:    Ruby random UDP port bind in DNS resolver
From:       Lukas Zapletal <lzap () redhat ! com>
Date:       2014-10-30 16:04:02
Message-ID: 20141030160402.GE15804 () lzapx ! brq ! redhat ! com

Hello,

in our software (Foreman) we use the DNS resolver provided by the Ruby
runtime. This is some kind of optimized thread-safe resolver which ships
with the Ruby platform.

The problem I am facing is that this implementation randomly binds a UDP
port when a DNS request is sent. Here is the code bit:

https://github.com/ruby/ruby/blob/trunk/lib/resolv.rb#L651-L660

This has been there from Ruby 1.8.7 until now (trunk), as far as I can tell.

Since any Ruby application can leverage this API and expect the same
behavior, I'd like to ask if you encounter such an error in Fedora and
how you recommend solving this.

Have you experienced this kind of behavior with non-Ruby DNS clients?

Is it safe to allow UDP binds for all unprivileged ports?

How do I do this technically in my policy?

Thanks.

-- 
Later,
 Lukas #lzap Zapletal
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
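
The behaviour described in the message, as an added example (not code from resolv.rb or from the original post): each query socket is explicitly bound to a random port, so a policy rule for one fixed port never covers it. The helper names, the retry limit and the 1024..65535 range (taken to mean the "all unprivileged ports" of the message) are assumptions made for illustration.

```ruby
require 'socket'
require 'securerandom'

# Assumed range: every unprivileged port, as the message describes.
UNPRIVILEGED_PORTS = (1024..65535)

# Bind +sock+ to a randomly chosen port in +range+, retrying when the
# port is taken or the bind is refused (EACCES is what an SELinux
# name_bind denial looks like to the process).
def bind_random_udp_port(sock, host = "0.0.0.0", range = UNPRIVILEGED_PORTS, max_tries = 64)
  refused = []
  max_tries.times do
    port = range.first + SecureRandom.random_number(range.size)
    begin
      sock.bind(host, port)
      return { port: port, refused: refused }
    rescue Errno::EADDRINUSE, Errno::EACCES, Errno::EPERM => e
      refused << [port, e.class.name]   # keep a record for troubleshooting
    end
  end
  raise "no bindable UDP port found after #{max_tries} tries"
end

# Open +count+ sockets, one per simulated query, and return the local
# ports that were explicitly requested.
def sample_source_ports(count)
  Array.new(count) do
    sock = UDPSocket.new
    begin
      bind_random_udp_port(sock)[:port]
    ensure
      sock.close
    end
  end
end

# For comparison: port 0 lets the kernel pick the local port itself.
def kernel_chosen_port
  sock = UDPSocket.new
  sock.bind("0.0.0.0", 0)
  sock.addr[1]
ensure
  sock&.close
end

if __FILE__ == $PROGRAM_NAME
  puts "explicitly bound: #{sample_source_ports(10).sort.inspect}"
  puts "kernel-chosen:    #{kernel_chosen_port}"
end
```

Running it under the confined domain and comparing the `refused` entries with the audit log shows which port numbers the policy rejected.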