Re: smtp proxy- yes or no?

From: Paul Robertson (no email)
Date: Thu Jan 03 2002 - 16:48:06 EST


On Thu, 3 Jan 2002 wrote:

> > None the less- BIND's history doesn't instill confidence and irregardless
> > of that protecting BIND only makes sense on a mail server.
>
> It makes sense to claim this about BIND 4 and BIND 8. It doesn't make
> sense to claim this about BIND 9, since BIND 9 is a completely new
> implementation.

Claim that it's an intrusion vector- not yet. Claim that it's large,
probably buggy code that needs protecting- History isn't *just* about
codebase, it's also about complexity of the problem and behaviour sets.

Want DoS attacks?

1129. [bug] Multithreaded servers could crash under heavy
                       resolution load due to a race condidtion. [RT #2018]

1111. [bug] Multithreaded servers could deadlock processing
                       recursive queries due to a locking hieararchy
                       violation in adb.c. [RT #2017]

1106. [bug] After seeing an out of range TTL, nsupdate would
                       treat all TTLs as out of range. [RT #2001]

1083. [bug] The default control channel listened on the
                       wildcard adress, not the loopback as documented.
                       [RT #1975]

That's since 9.2.0a1- and doesn't cover everything.

It's like saying that FTP doesn't suck[1] just because WU is buggy as
hell- *most* FTP servers have had holes, not necessarily because of shared
code, but also due to the historical issues surrounding anyone
implementing the protocol and traditional server behaviour.

Paul
[1] It does suck.
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
      which may have no basis whatsoever in fact."

-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users