Trail of Bits ( https://trailofbits.com ) 對 CoreDNS 進行了安全審查和威脅建模。
以下引述自安全審查摘要
「本次稽核發現了一個高嚴重性問題 (TOB-CDNS-8),該問題涉及可能導致快取中毒攻擊的錯誤。其他大多數問題屬於資訊性或低嚴重性;其中包括一些因資料驗證不足所導致的問題,特別是關於各種函式處理資料的假設,這些是我們透過執行模糊測試工具發現的。大多數發現與阻斷服務漏洞有關。」
該報告可以在 Trail of Bits 在 GitHub 上的出版物中找到: https://github.com/trailofbits/publications/blob/master/reviews/CoreDNS.pdf
目前,已開啟以下 PR 以解決報告中提出的問題
- https://github.com/coredns/coredns/pull/5085 (TOB-CDNS-1)
- https://github.com/coredns/coredns/pull/5108 (TOB-CDNS-5)
- https://github.com/coredns/coredns/pull/5168 (TOB-CDNS-2)
- https://github.com/coredns/coredns/pull/5169 (TOB-CDNS-3)
- https://github.com/coredns/coredns/pull/5170 (TOB-CDNS-4)
- https://github.com/coredns/coredns/pull/5171 (TOB-CDNS-15)
- https://github.com/coredns/coredns/pull/5172 (TOB-CDNS-11)
- https://github.com/coredns/coredns/pull/5173 (TOB-CDNS-9)
- https://github.com/coredns/coredns/pull/5174 (TOB-CDNS-8)
- https://github.com/coredns/coredns/pull/5220 (TOB-CDNS-10)
- https://github.com/coredns/coredns/pull/5224 (TOB-CDNS-14)
- https://github.com/coredns/coredns/pull/5225 (TOB-CDNS-7)
- https://github.com/coredns/coredns/pull/5226 (TOB-CDNS-6)
- https://github.com/coredns/coredns/pull/5227 (TOB-CDNS-12)
- https://github.com/coredns/coredns/pull/5228 (TOB-CDNS-12)
- https://github.com/coredns/coredns/pull/5231 (TOB-CDNS-12)