From owner-freebsd-security Wed Jan 31 18: 2:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from shemp.palomine.net (shemp.palomine.net [205.198.88.200]) by hub.freebsd.org (Postfix) with SMTP id 279DC37B69E for ; Wed, 31 Jan 2001 18:02:35 -0800 (PST) Received: (qmail 91682 invoked by uid 1000); 1 Feb 2001 02:02:33 -0000 Date: Wed, 31 Jan 2001 21:02:33 -0500 From: Chris Johnson To: Matt Dillon Cc: Przemyslaw Frasunek , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind Message-ID: <20010131210232.A91629@palomine.net> References: <200101312123.f0VLNL134920@freefall.freebsd.org> <20010201014819.H675@riget.scene.pl> <20010131200142.A90211@palomine.net> <200102010154.f111sYE23275@earth.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200102010154.f111sYE23275@earth.backplane.com>; from dillon@earth.backplane.com on Wed, Jan 31, 2001 at 05:54:34PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Jan 31, 2001 at 05:54:34PM -0800, Matt Dillon wrote: > :Yes! Why work around BIND limitiations and do all this sandboxing to try to > :limit the damage it can do to you, when there's a better alternative? > : > :Chris > > Yah, that's the ticket... kinda like wu-ftpd was created because existing > ftpd's weren't up to snuff, except wu-ftpd turned out to have literally > dozens of rootable exploits. > > Just because BIND's loopholes are advertised doesn't mean that other > DNS servers don't have loopholes. While I agree that some of the newer > ones almost certainly have *fewer* rootable loopholes, maybe, I don't > see them as improving my risk factors much. Except that djbdns was written by Dan Bernstein (of qmail fame). He doesn't know how to write rootable software. Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message