On Sun, Apr 19, 2020 at 02:16:01PM -0400, Viktor Dukhovni wrote:
> On Sun, Apr 19, 2020 at 08:02:41PM +0200, Matus UHLAR - fantomas wrote:
> 
> > On 19.04.20 13:11, Wietse Venema wrote:
> >
> > >Warning: libc-musl breaks DANE/TLSA security.
> > >Use a glibc-based Linux distribution instead.
> > >Remove this test to build unsupported Postfix.
> > >make: *** [Makefile:79: makefiles] Error 1
> > 
> > Isn't this contrary to what you have said before?
> > 
> > https://marc.info/?l=postfix-users&m=158715103506366&w=2
> > > However, if people want to shoot themselves in the foot, then
> > > Postfix won't stop them.
> 
> No, with that (trusting the AD-bit from remote nameservers) Postfix
> still works exactly as documented.  The administrator gets exactly
> what he asked for.
> 
> The idea with the compile-time warning is to avoid surprise behaviour in
> otherwise correct configurations, that differ unexpectedly only in the
> platform C library.
> 
> The defensive check will I hope only be needed for a limited amount of
> time.  If/when a later release of libc-musl does return a usable AD
> bit, the check can be removed.

A solution that would work with existing and future versions of musl
as well as glibc, and would (I think) avoid the need to poke at _res
to set the glibc trustad flag, would be replacing the call to
res_query with res_mkquery, |='ing the AD bit into place, then
res_send. This is what I'll probably be recommending Alpine and other
distros do in the meantime (via a patch) until they have an upstream
solution, since it's a really easy and non-invasive change to make.

As stated before I'd also like to have a solution in next musl release
and hopefully will.

Rich
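The res_mkquery / OR-in-AD / res_send sequence Rich describes, as an added example that is not code from this thread, from Postfix or from musl: the block builds offline the same TLSA wire query res_mkquery() would produce, sets the AD bit where it lives in the DNS header (byte 3, 0x20), and shows the check a DANE client then needs on the res_send() answer before trusting it. The owner name `_25._tcp.mail.example.com` and the response header bytes in the test are constructed; the functions take the same buffers res_mkquery()/res_send() use, so they drop into that flow without a live resolver.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* RFC 1035 header: flags are bytes 2-3; AD (RFC 4035) is 0x20 of byte 3. */
#define DNS_HDRLEN 12
#define FLAG_QR 0x80  /* byte 2: message is a response */
#define FLAG_RD 0x01  /* byte 2: recursion desired */
#define FLAG_AD 0x20  /* byte 3: authentic data */
/* The step from the mail: OR AD into a query res_mkquery() filled, so a
 * validating resolver reports AD back rather than leaving it clear. */
void set_ad_flag(unsigned char *query) { query[3] |= FLAG_AD; }
/* Encode "_25._tcp.mail.example.com" as DNS labels; 0 on bad input. */
static size_t encode_name(const char *name, unsigned char *out, size_t cap) {
    size_t pos = 0;
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t n = dot ? (size_t)(dot - name) : strlen(name);
        if (n == 0 || n > 63 || pos + 1 + n >= cap) return 0;
        out[pos++] = (unsigned char)n;
        memcpy(out + pos, name, n);
        pos += n;
        name += n + (dot ? 1 : 0);
    }
    if (pos >= cap) return 0;
    out[pos++] = 0;  /* root label ends the name */
    return pos;
}
/* The query res_mkquery(QUERY, name, C_IN, T_TLSA, ...) would build, with
 * AD already set and ready for res_send(). Returns length, 0 on error. */
size_t build_tlsa_query(unsigned id, const char *name, unsigned char *buf, size_t cap) {
    if (cap < DNS_HDRLEN + 5) return 0;
    memset(buf, 0, DNS_HDRLEN);
    buf[0] = (id >> 8) & 0xFF; buf[1] = id & 0xFF;
    buf[2] = FLAG_RD;  /* opcode QUERY, RD=1, as res_mkquery sets it */
    buf[5] = 1;        /* QDCOUNT = 1 */
    size_t n = encode_name(name, buf + DNS_HDRLEN, cap - DNS_HDRLEN - 4);
    if (n == 0) return 0;
    memcpy(buf + DNS_HDRLEN + n, "\0\x34\0\1", 4);  /* QTYPE 52 (TLSA), QCLASS IN */
    set_ad_flag(buf);
    return DNS_HDRLEN + n + 4;
}
/* What DANE code must check in the res_send() answer: our ID, a reply, rcode
 * NOERROR or NXDOMAIN, and AD asserted by the validating resolver. */
bool response_is_authenticated(const unsigned char *ans, size_t len, unsigned id) {
    if (len < DNS_HDRLEN || (unsigned)((ans[0] << 8) | ans[1]) != id) return false;
    if (!(ans[2] & FLAG_QR) || ((ans[3] & 0x0F) != 0 && (ans[3] & 0x0F) != 3)) return false;
    return (ans[3] & FLAG_AD) != 0;
}
```

Note that AD in the answer is only meaningful when the nameserver in resolv.conf is a trusted validating resolver on a trusted path; the bit says nothing if it came from an arbitrary remote server, which is the configuration Viktor refers to above.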
