Bug 1030578 - perl-DBI: add warning about DBI::Proxy insecurity
Summary: perl-DBI: add warning about DBI::Proxy insecurity
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: perl-DBI
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: perl-maint-list
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks: 1030547
TreeView+ depends on / blocked
 
Reported: 2013-11-14 17:40 UTC by Florian Weimer
Modified: 2014-06-18 07:57 UTC (History)
3 users (show)

Fixed In Version: perl-DBI-1.627-2.el7
Doc Type: Bug Fix
Doc Text:
Cause: Reading DBD::Proxy or DBI::ProxyServer Perl module documentation. Consequence: User is not warned about possible security flaws in proxied DBD connections. Fix: DBD::Proxy and DBI::ProxyServer Perl modules documentation has been amended with a security warning about insecure RPC::PlClient and Storable modules. Result: User is notified about security risks when proxying DBD request over a network.
Clone Of:
Environment:
Last Closed: 2014-06-12 08:24:53 UTC
Target Upstream Version:


Attachments (Terms of Use)
Documentation enhancement (1.53 KB, patch)
2013-11-18 12:01 UTC, Petr Pisar
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
CPAN 90475 0 None None None Never

Description Florian Weimer 2013-11-14 17:40:38 UTC
DBI::Proxy and DBI::ProxyServer are implemented with PlRPC, which is unsafe due to its use of PlRPC and Storable (bug 1030547).

We should at least add a very prominent warning to the documentation if we really need to ship this.

Comment 2 Petr Pisar 2013-11-18 12:01:51 UTC
Created attachment 825568 [details]
Documentation enhancement

Proposed documentation enhancement has been posted to the upstream for a review.


Note You need to log in before you can comment on or make changes to this bug.