From: Solar Designer (solaropenwall.com)
Date: Thu Mar 22 2001 - 23:02:39 CST


    On Thu, Mar 22, 2001 at 03:13:52AM -0700, Kurt Seifried wrote:
    > > Anyway, BIND can be fairly easily configured in
    > > such a way that the risks are very low, especially
    > > for this configuration.
    >
    > Yeah, except for those pesky root hacks, apart from that it's GREAT! =) Oh and
    > the fact Bind 9 is over 10 megs of source code. And the whole ISC "Bind

    Basically, the currently usable versions of BIND are:

    4.9.8 (-OW1 to fix publicly known bugs and run as non-root/chrooted)
    8.1.2 (with a back-port of the "infoleak" fix)

    This is what I am using. And of these two, I prefer the 4.9.8-OW1
    unless the new BIND 8 functionality is needed.

    (BTW, 8.x drops root _after_ ns_init(), which may still allow for a
    root compromise even if BIND is told to run as non-root. The files
    parsed during ns_init() may be writable by the "unprivileged" user.
    Secondary zones are an example. 4.9.x-OW doesn't have the problem.)

    I see no need to install the newer versions. They are larger, which
    means that they offer more functionality to an attacker.

    Of course, it is very likely there were other important fixes since
    these versions, but it is even more likely that a few really bad bugs
    have been introduced. The code quality hasn't improved. The design
    hasn't changed in a way which would avoid bugs or would prevent them
    from turning into vulnerabilities.

    > consortium" meaning we (the general public/security professionals/etc) get
    > security information even later than we do now, etc.

    This is less of a problem.

    -- 
    /sd
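
A defender's check for the condition the message above describes (files parsed before root is dropped being alterable by the run-as user), as an added example that is not part of the original post or of BIND. The uid/gid 53, the paths and the stat records are constructed sample data; on a real host, pass the list of files the daemon reads at startup and leave `stat_fn` at its default.

```python
import os
import stat

def writable_by(st, uid, gids):
    """Do the mode bits in stat result `st` grant write access to uid/gids?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(paths, uid, gids, stat_fn=os.stat):
    """List (path, reason) for each startup-parsed file the run-as user can alter."""
    findings = []
    for path in paths:
        st, parent = stat_fn(path), stat_fn(os.path.dirname(path))
        if writable_by(st, uid, gids):
            findings.append((path, "file writable"))
        elif writable_by(parent, uid, gids):
            # A sticky directory only lets the owner of the file or of the
            # directory rename or unlink the entry.
            sticky = parent.st_mode & stat.S_ISVTX
            if not sticky or uid in (st.st_uid, parent.st_uid):
                findings.append((path, "directory writable (file replaceable)"))
    return findings

def fake_stat(mode, uid, gid):
    # Constructed record: (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime)
    return os.stat_result((mode, 0, 0, 1, uid, gid, 0, 0, 0, 0))

# Constructed sample layout; uid/gid 53 for the run-as user is an assumption.
NAMED_UID, NAMED_GIDS = 53, {53}
SAMPLE = {
    "/etc": fake_stat(0o040755, 0, 0),
    "/etc/named.conf": fake_stat(0o100644, 0, 0),
    "/var/named": fake_stat(0o040755, 0, 0),
    "/var/named/example.com.db": fake_stat(0o100644, 0, 0),
    "/var/named/sec": fake_stat(0o040755, 53, 53),
    "/var/named/sec/example.net.db": fake_stat(0o100644, 53, 53),
    "/var/named/tmp": fake_stat(0o041777, 0, 0),
    "/var/named/tmp/stub.db": fake_stat(0o100644, 0, 0),
}
STARTUP_FILES = [p for p, st in SAMPLE.items() if stat.S_ISREG(st.st_mode)]

def sample_findings():
    return audit(STARTUP_FILES, NAMED_UID, NAMED_GIDS, stat_fn=SAMPLE.__getitem__)

if __name__ == "__main__":
    for path, reason in sample_findings():
        print(f"{path}: {reason}")
```

In the sample only the secondary zone file is reported; the check looks at mode bits on the file and its immediate parent directory and does not consider ACLs or directories higher up the path.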