Date: Sun, 31 May 1998 23:56:23 -0700 (PDT) From: Steve Reid <sreid@alpha.sea-to-sky.net> To: freebsd-security@FreeBSD.ORG Subject: /usr/sbin/named Message-ID: <Pine.LNX.3.95.iB1.0.980531235510.7174A-100000@alpha.sea-to-sky.net>
next in thread | raw e-mail | index | archive | help
Is /usr/sbin/named as distributed with FreeBSD 2.2.6-RELEASE vulnerable to known exploits? Strings shows the version as 4.9.6-REL and a recent Bugtraq post listed this version as exploitable. However, although the _version_ is the same between my 2.2.6-RELEASE and 2.2.5-RELEASE machines, the _dates_ are different. Is /usr/sbin/named in 2.2.6-RELEASE fixed? Also... Is there any reason for this daemon to run as root, other than binding to port 53? Would it be possible and reasonable to patch it to give up root after binding to the port? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.iB1.0.980531235510.7174A-100000>