Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind

From: Chris Johnson (cjohnson@palomine.net)
Date: 02/01/01


Date: Wed, 31 Jan 2001 21:02:33 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: Matt Dillon <dillon@earth.backplane.com>

On Wed, Jan 31, 2001 at 05:54:34PM -0800, Matt Dillon wrote:
> :Yes! Why work around BIND limitations and do all this sandboxing to try to
> :limit the damage it can do to you, when there's a better alternative?
> :
> :Chris
>
> Yah, that's the ticket... kinda like wu-ftpd was created because existing
> ftpd's weren't up to snuff, except wu-ftpd turned out to have literally
> dozens of rootable exploits.
>
> Just because BIND's loopholes are advertised doesn't mean that other
> DNS servers don't have loopholes. While I agree that some of the newer
> ones almost certainly have *fewer* rootable loopholes, maybe, I don't
> see them as improving my risk factors much.

Except that djbdns was written by Dan Bernstein (of qmail fame). He doesn't
know how to write rootable software.

Chris
