Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind

From: Brian Behlendorf (brian@collab.net)
Date: 01/31/01


Date: Wed, 31 Jan 2001 14:48:13 -0800 (PST)
From: Brian Behlendorf <brian@collab.net>
To: Alfred Perlstein <bright@wintelcom.net>

On Wed, 31 Jan 2001, Alfred Perlstein wrote:
> * Roman Shterenzon <roman@xpert.com> [010131 13:56] wrote:
> > On Wed, 31 Jan 2001, FreeBSD Security Advisories wrote:
> >
> > > =============================================================================
> > > FreeBSD-SA-01:18 Security Advisory
> > >
> > > Topic: BIND remotely exploitable buffer overflow
> > ..snip..
> >
> > Why not make it default in the base system?
>
> It has been, but only for several days.

I think he meant, why not set those recommendations for running as user
"bind" and in a chroot jail as the default? Unless I'm missing something,
that's not the case currently:

[yez] 2:47pm ~ > fgrep -i named_flag /etc/defaults/rc.conf
named_flags="" # Flags for named
#named_flags="-u bind -g bind" # Flags for named

        Brian
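
Added example, not part of the message above and not FreeBSD project code: a shell check that reads rc.conf-style files the way the fgrep above does and reports whether the effective named_flags start named as a non-root user (-u) and in a chroot (-t). The function names, the constructed sample files and the /var/named path are assumptions made for illustration; only double-quoted, space-separated assignments like the ones quoted in the mail are handled.

```shell
#!/bin/sh
# Added example (not from the thread): report whether named_flags would start
# named as a non-root user and inside a chroot.

# Print the value of the last uncommented named_flags="..." assignment in the
# given rc.conf-style files; later files override earlier ones.
effective_named_flags() {
    cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*named_flags="\([^"]*\)".*$/\1/p' |
        tail -n 1
}

# Classify a flag string. The body is a subshell, so set -f and the
# variables do not leak into the caller.
classify_named_flags() (
    set -f            # no globbing while the flags are word-split
    set -- $1
    user=no chroot=no
    while [ $# -gt 0 ]; do
        case $1 in
            -u) if [ $# -ge 2 ]; then
                    if [ "$2" != root ]; then user=yes; fi
                    shift
                fi ;;
            -t) if [ $# -ge 2 ]; then chroot=yes; shift; fi ;;
        esac
        shift
    done
    echo "user=$user chroot=$chroot"
)

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for /etc/defaults/rc.conf: the two lines quoted in the mail.
    printf '%s\n' 'named_flags="" # Flags for named' \
        '#named_flags="-u bind -g bind" # Flags for named' > "$dir/defaults"
    # Constructed local override; /var/named is a placeholder chroot path.
    printf '%s\n' 'named_flags="-u bind -g bind -t /var/named"' > "$dir/rc.conf"
    echo "defaults only: $(classify_named_flags "$(effective_named_flags "$dir/defaults")")"
    echo "with override: $(classify_named_flags "$(effective_named_flags "$dir/defaults" "$dir/rc.conf")")"
    rm -rf "$dir"
}
demo
```

On a real host the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf, so that a local override wins over the shipped default.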
