Bug 1030578 - perl-DBI: add warning about DBI::Proxy insecurity
perl-DBI: add warning about DBI::Proxy insecurity
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: perl-DBI (Show other bugs)
7.0
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: perl-maint-list
qe-baseos-daemons
: Patch
Depends On:
Blocks: 1030547
  Show dependency treegraph
 
Reported: 2013-11-14 12:40 EST by Florian Weimer
Modified: 2014-06-18 03:57 EDT (History)
3 users (show)

See Also:
Fixed In Version: perl-DBI-1.627-2.el7
Doc Type: Bug Fix
Doc Text:
Cause: Reading DBD::Proxy or DBI::ProxyServer Perl module documentation. Consequence: User is not warned about possible security flaws in proxied DBD connections. Fix: DBD::Proxy and DBI::ProxyServer Perl modules documentation has been amended with a security warning about insecure RPC::PlClient and Storable modules. Result: User is notified about security risks when proxying DBD request over a network.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-12 04:24:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Documentation enhancement (1.53 KB, patch)
2013-11-18 07:01 EST, Petr Pisar
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
CPAN 90475 None None None Never

  None (edit)
Description Florian Weimer 2013-11-14 12:40:38 EST
DBI::Proxy and DBI::ProxyServer are implemented with PlRPC, which is unsafe due to its use of PlRPC and Storable (bug 1030547).

We should at least add a very prominent warning to the documentation if we really need to ship this.
Comment 2 Petr Pisar 2013-11-18 07:01:51 EST
Created attachment 825568 [details]
Documentation enhancement

Proposed documentation enhancement has been posted to the upstream for a review.

Note You need to log in before you can comment on or make changes to this bug.