6.0.0-beta1
7/7/25

[#13039] DNS lib should not have to read /etc/resolv.conf
Summary DNS lib should not have to read /etc/resolv.conf
Queue Horde Framework Packages
Queue Version Git master
Type Enhancement
State Rejected
Priority 1. Low
Owners
Requester software-horde (at) interfasys (dot) ch
Created 03/12/2014 (4135 days ago)
Due
Updated 09/29/2015 (3569 days ago)
Assigned
Resolved 03/12/2014 (4135 days ago)
Milestone
Patch No

History
09/29/2015 08:54:56 AM arjen+horde (at) de-korte (dot) org Comment #4 Reply to this comment
Horde doesn't set

php_admin_value open_basedir
"/usr/share/horde:/etc/horde:/usr/share/pear:/tmp:/usr/share/php"

Whoever bundled Horde with this needs to fix this to allow access to 
this file. This is not something the Horde developers can fix. As 
stated before, there is nothing unsafe about accessing this file.
09/29/2015 08:21:35 AM robert (dot) kovacs (dot) it (at) gmail (dot) com Comment #3 Reply to this comment
There is nothing unsafe about using resolv.conf if it's available.
The question is not if it's safe or unsafe.
The issue is that there is an open_basedir definition for php that 
limits access to certain directories while
Dns.php wants to access /etc/resolv.conf.

Please read https://bugzilla.redhat.com/show_bug.cgi?id=1022577

cheers,
Robert
03/12/2014 12:10:09 PM Jan Schneider Comment #2
State ⇒ Rejected
Reply to this comment
There is nothing unsafe about using resolv.conf if it's available.
03/12/2014 11:13:22 AM software-horde (at) interfasys (dot) ch Comment #1
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ Horde Framework Packages
Summary ⇒ DNS lib should not have to read /etc/resolv.conf
Type ⇒ Enhancement
State ⇒ New
Reply to this comment
I've found this in my debug logs:
2014-03-12T11:02:49+00:00 WARN: HORDE [turba] PHP ERROR: 
is_readable(): open_basedir restriction in effect. 
File(/etc/resolv.conf) is not within the allowed path(s) [pid 49217 on 
line 15 of "/usr/local/php/lib/php/Horde/Core/Factory/Dns.php"]

Since this is only a warning, I'm assuming Turba is using a different 
mechanism to resolve domain names, but wouldn't it be possible to set 
the safer way as the standard behaviour?

Saved Queries