[Bug 1052] New: acls relying on names should not rely on cached DNS resu

To:	pcp@xxxxxxxxxxx
Subject:	[Bug 1052] New: acls relying on names should not rely on cached DNS results
From:	bugzilla-daemon@xxxxxxxxxxx
Date:	Fri, 11 Apr 2014 15:25:53 +0000
Auto-submitted:	auto-generated
Delivered-to:	pcp@xxxxxxxxxxx

Bug ID	1052
Summary	acls relying on names should not rely on cached DNS results
Product	pcp
Version	unspecified
Hardware	All
OS	Linux
Status	NEW
Severity	major
Priority	P5
Component	pcp
Assignee	pcp@kenj.com.au
Reporter	fche@redhat.com
CC	pcp@oss.sgi.com
Classification	Unclassified

In libpcp/src/access.c, DNS resolution for ACL entries is done
once, at __pmAccAddHost() time (generally the startup time of
the daemon).  This ignore the possibility of DNS entries
changing.  Given that there appears to be no posix resolver API
that lets apps know the TTL of DNS information they supply, the
app can really only use the the DNS data instantaneously.

So it seems to me that we would need to do the ACL name->address
resolution at __pmAccAddClient time (whenever clients connect).
Perhaps we can add a little cache-TTL of our own, if the libc
resolvers turn out measurably too slow.

Related, getmyhostid() in libpcp/src/access.c shouldn't
imagine that there is a single "real IP address" for the host,
nor that it is unchanging.

You are receiving this mail because:

You are on the CC list for the bug.

<Prev in Thread]	Current Thread	[Next in Thread>
[Bug 1052] New: acls relying on names should not rely on cached DNS results, bugzilla-daemon <=

Previous by Date:	Re: pcp updates: kenj merge, numastat, memleak fixes, qa, qa, qa, Frank Ch. Eigler
Next by Date:	signal pmlogger, Martins Innus
Previous by Thread:	pcp updates: kenj merge, numastat, memleak fixes, qa, qa, qa, Nathan Scott
Next by Thread:	signal pmlogger, Martins Innus
Indexes:	[Date] [Thread] [Top] [All Lists]