> On Apr 17, 2020, at 3:59 PM, Florian Weimer <f...@deneb.enyo.de> wrote:
>
> I don't think it's a gaping security hole. The scope of the flags
> change in dns_query is really small, so it affects that one query
> only. If some library used by Postfix depends on RES_TRUSTAD in its
> intended meaning, it will not be impacted.

Correct, Postfix sets the flag, makes a query, and then restores the prevailing value. Postfix is not multi-threaded, so there is no impact on any other libraries that might use DNS. So if LDAP, PostgreSQL, MySQL, ... happen to want to do something with the AD bit, the Postfix patch does not affect their behaviour.

-- 
Viktor.
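
The set, query, restore pattern discussed in this thread, as an added C sketch that is not Postfix's code and not part of either message. The names `query_with_flags`, `probe_lookup` and `other_library_sees_trustad` are hypothetical, the lookup is a stand-in callback so the example runs offline, and the fallback `RES_TRUSTAD` value is the glibc definition, used only where the header lacks it.

```c
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <stdio.h>

#ifndef RES_TRUSTAD
#define RES_TRUSTAD 0x04000000  /* assumption: glibc's value, for older headers */
#endif

typedef int (*lookup_fn)(void *ctx);

/* Set extra resolver flags for exactly one lookup, then restore the
 * prevailing value. Correct only when nothing else uses the resolver
 * between the set and the restore (a single-threaded caller). */
int query_with_flags(unsigned long set_flags, lookup_fn lookup, void *ctx)
{
    unsigned long saved = _res.options;   /* prevailing options */
    int ret;

    _res.options |= set_flags;
    ret = lookup(ctx);                    /* the one query that sees the flag */
    _res.options = saved;                 /* restore whether or not it failed */
    return ret;
}

/* Stand-in for the real DNS lookup: records whether RES_TRUSTAD was set. */
int probe_lookup(void *ctx)
{
    *(int *)ctx = (_res.options & RES_TRUSTAD) != 0;
    return 0;
}

/* What any other library using the resolver afterwards would observe. */
int other_library_sees_trustad(void)
{
    return (_res.options & RES_TRUSTAD) != 0;
}

int main(void)
{
    int during = 0;

    res_init();
    _res.options &= ~RES_TRUSTAD;         /* constructed prevailing state */
    query_with_flags(RES_TRUSTAD, probe_lookup, &during);
    printf("during query: %d, afterwards: %d\n",
           during, other_library_sees_trustad());
    return 0;
}
```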