6.0.0-git
2019-07-21

[#13039] DNS lib should not have to read /etc/resolv.conf
Summary DNS lib should not have to read /etc/resolv.conf
Queue Horde Framework Packages
Queue Version Git master
Type Enhancement
State Rejected
Priority 1. Low
Owners
Requester software-horde (at) interfasys (dot) ch
Created 2014-03-12 (1957 days ago)
Due
Updated 2015-09-29 (1391 days ago)
Assigned
Resolved 2014-03-12 (1957 days ago)
Milestone
Patch No

History
2015-09-29 08:54:56 arjen+horde (at) de-korte (dot) org Comment #4 Reply to this comment
Horde doesn't set

php_admin_value open_basedir
"/usr/share/horde:/etc/horde:/usr/share/pear:/tmp:/usr/share/php"

Whoever bundled Horde with this needs to fix this to allow access to 
this file. This is not something the Horde developers can fix. As 
stated before, there is nothing unsafe about accessing this file.
2015-09-29 08:21:35 robert (dot) kovacs (dot) it (at) gmail (dot) com Comment #3 Reply to this comment
There is nothing unsafe about using resolv.conf if it's available.
The question is not if it's safe or unsafe.
The issue is that there is an open_basedir definition for php that 
limits access to certain directories while
Dns.php wants to access /etc/resolv.conf.

Please read https://bugzilla.redhat.com/show_bug.cgi?id=1022577

cheers,
Robert
2014-03-12 12:10:09 Jan Schneider Comment #2
State ⇒ Rejected
Reply to this comment
There is nothing unsafe about using resolv.conf if it's available.
2014-03-12 11:13:22 software-horde (at) interfasys (dot) ch Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ DNS lib should not have to read /etc/resolv.conf
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
Reply to this comment
I've found this in my debug logs:
2014-03-12T11:02:49+00:00 WARN: HORDE [turba] PHP ERROR: 
is_readable(): open_basedir restriction in effect. 
File(/etc/resolv.conf) is not within the allowed path(s) [pid 49217 on 
line 15 of "/usr/local/php/lib/php/Horde/Core/Factory/Dns.php"]

Since this is only a warning, I'm assuming Turba is using a different 
mechanism to resolve domain names, but wouldn't it be possible to set 
the safer way as the standard behaviour?

Saved Queries