Re: named 8.3.2-T1B vulnerable?
From: Alessandro de Manzano (adm@unixmania.net)
Date: 06/30/02
- Next message: Kurt Seifried: "Apache Worm Analysis (was Re: Apache worm in the wild)"
- Previous message: Doug Barton: "Re: named 8.3.2-T1B vulnerable?"
- In reply to: Doug Barton: "Re: named 8.3.2-T1B vulnerable?"
Date: Sun, 30 Jun 2002 22:58:43 +0200
From: Alessandro de Manzano <adm@unixmania.net>
To: Doug Barton <DougB@FreeBSD.org>

On Sun, Jun 30, 2002 at 01:37:03PM -0700, Doug Barton wrote:
> Correct. There is currently a make.conf option for NO_BIND. In
yes, I knew it but I totally forgot about it ;)
> addition, some of us are working on a more thorough solution which will
> add some magic to the bsd.*.mk files so that you can put
> PORT_REPLACES_BASE_FOO in your /etc/make.conf, and it will automatically
> imply NO_FOO as well. Currently I'm testing a final buildworld for the
yup, should be useful :-)
> > More, I'll get an entry in the installed packages database for BIND
> > 8.3.3 that is "dangerous", since if I ever pkg_delete it I'll lose
> > the real/overwritten BIND...
>
> Yep. One of the things I'm adding to my little patch is to change the
> name of the port from foo-version to foo-system-version when installing
> to give you a clue as to what's about to happen. BUT, you are absolutely
IMHO the current system of -DSOMETHING is good, maybe just a couple of
suggestions: use a standard name (PORT_REPLACES_BASE_xxx as you said),
maybe it's already this way, I don't know :)) and/or a dialog(1) menu to
choose whether to overwrite base components or not :)
Sometimes people 'forget' to read into Makefiles to look for every
possible -D symbol..
> right in saying that this option is dangerous. However, there are lots
> of ways to shoot yourself in the foot here... it's up to you to find a
> better target. :) Also, the system will still run without BIND, unless
yes, of course :) you're right
> of course you're using that particular system as a name server. I have
A couple of my boxes are actually public name servers, so I'll
absolutely upgrade them to 8.3.3 tomorrow morning.
This evening I upgraded my home box in this way to learn :)
> been using the "port overwrites base" stuff at Yahoo! for almost a year,
> and we haven't had any catastrophes yet.
>
> Hope this helps,
Yes, definitely! Thanks a lot! :-)

--
bye!
Ale

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message