URL: https://github.com/SSSD/sssd/pull/5268 Title: #5268: (WiP) proxy_child hardening
alexey-tikhonov commented:
"""
> I will keep "changes requested" label to: ...
> * investigate if DNS impose more strict reqs on the domain name than what
> is currently stated in the man page (thank @sumit-bose for the hint)

This is tricky.

https://tools.ietf.org/html/rfc1034#section-3.5 "Preferred name syntax"
https://tools.ietf.org/html/rfc1123#section-2.1 "Host Names and Numbers"
https://tools.ietf.org/html/rfc2181#section-11 "Name syntax"

If I read those ^^ docs correctly, conclusion is very much like:
```
The characters allowed in labels are a subset of the ASCII character set,
consisting of characters a through z, A through Z, digits 0 through 9, and
hyphen. This rule is known as the LDH rule (letters, digits, hyphen).
Domain names are interpreted in case-independent manner.
Labels may not start or end with a hyphen.
```

This means 2 additional restrictions to the current statement in SSSD man page:
1) no "underscores"
2) labels may not start or end with a hyphen (and also `dash` in the man page should be replaced with `hyphen`)

I think (2) is fine, but I'm somewhat worried with (1) - this probably might break existing configs.

@sumit-bose, what would you think?
"""

See the full comment at https://github.com/SSSD/sssd/pull/5268#issuecomment-764848735
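The two extra restrictions discussed in the comment above, as an added example (not code from the PR or from SSSD): a C check that applies the quoted LDH rule to each dot-separated label and reports which restriction a name violates, which is the information needed to judge how many existing names restriction (1) would reject. The function name `ldh_check`, the result enum and the sample names are hypothetical, and RFC length limits are not checked.

```c
#include <stdio.h>
#include <stddef.h>

/* Why a name fails the LDH rule; the first two are restrictions (1) and (2). */
enum ldh_result { LDH_OK, LDH_UNDERSCORE, LDH_HYPHEN_EDGE, LDH_OTHER };

static int is_letter_or_digit(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

/* Check every dot-separated label of `name` against the LDH rule. */
enum ldh_result ldh_check(const char *name)
{
    size_t label_len = 0;
    char prev = '\0';

    if (name == NULL || *name == '\0') return LDH_OTHER;
    for (const char *p = name; ; p++) {
        char c = *p;
        if (c == '.' || c == '\0') {
            if (label_len == 0) return LDH_OTHER;        /* empty label */
            if (prev == '-') return LDH_HYPHEN_EDGE;     /* trailing hyphen */
            if (c == '\0') return LDH_OK;
            label_len = 0;
        } else if (c == '-') {
            if (label_len == 0) return LDH_HYPHEN_EDGE;  /* leading hyphen */
            label_len++;
        } else if (c == '_') {
            return LDH_UNDERSCORE;                       /* restriction (1) */
        } else if (is_letter_or_digit(c)) {
            label_len++;
        } else {
            return LDH_OTHER;   /* anything outside letters, digits, hyphen */
        }
        prev = c;
    }
}

int main(void)
{
    /* Constructed sample names, not taken from any real sssd.conf. */
    const char *names[] = { "example.com", "LDAP-1.test", "my_domain",
                            "-lab.test", "lab-.test", "a..b" };
    const char *why[] = { "ok", "underscore", "hyphen at label edge", "other" };

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-12s %s\n", names[i], why[ldh_check(names[i])]);
    return 0;
}
```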