Date:      Wed, 26 Jun 2002 15:17:59 -0600
From:      Brett Glass <brett@lariat.org>
To:        "H. Wade Minter" <minter@lunenburg.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
Message-ID:  <4.3.2.7.2.20020626151157.02193340@localhost>
In-Reply-To: <20020626164206.P57680-100000@bunning.skiltech.com>
References:  <4.3.2.7.2.20020626143023.022716c0@localhost>

At 02:42 PM 6/26/2002, H. Wade Minter wrote:

>I wouldn't think that ports or packages that don't statically link a
>resolver would need to be recompiled.

The way I read it, if they link statically to libc and use the
resolution code there, they can be hit.

But, again, it may be possible to defuse the bug without
tearing the whole system apart. After all, if resolv.conf
points the query at a locally running copy of, say,
BIND or djbdns, and the daemon blocks the exploit, you're 
safe. Same if you query a domain name server (on the same
host or not) and *it* blocks the exploit. So, fixing the 
problem might be as simple as turning on named and modifying 
resolv.conf.

The announcement didn't mention this as a possible workaround.
Would it work? 

--Brett Glass



