Date: Thu, 1 Feb 2001 12:02:19 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: Matt Dillon <dillon@earth.backplane.com> Cc: Chris Johnson <cjohnson@palomine.net>, Przemyslaw Frasunek <venglin@freebsd.lublin.pl>, freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind Message-ID: <20010201120218.A10087@rapier.smartspace.co.za> In-Reply-To: <200102010154.f111sYE23275@earth.backplane.com>; from dillon@earth.backplane.com on Wed, Jan 31, 2001 at 05:54:34PM -0800 References: <200101312123.f0VLNL134920@freefall.freebsd.org> <Pine.LNX.4.30.0101312352150.3617-100000@jamus.xpert.com> <20010201014819.H675@riget.scene.pl> <20010131200142.A90211@palomine.net> <200102010154.f111sYE23275@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed 2001-01-31 (17:54), Matt Dillon wrote: > > :Yes! Why work around BIND limitiations and do all this sandboxing to try to > :limit the damage it can do to you, when there's a better alternative? > : > :Chris > > Yah, that's the ticket... kinda like wu-ftpd was created because existing > ftpd's weren't up to snuff, except wu-ftpd turned out to have literally > dozens of rootable exploits. > > Just because BIND's loopholes are advertised doesn't mean that other > DNS servers don't have loopholes. While I agree that some of the newer > ones almost certainly have *fewer* rootable loopholes, maybe, I don't > see them as improving my risk factors much. It might be an idea to actually research djbdns, consider its design, history, and coding standards, and then make a judgement. Neil (aka djbdns port maintainer (with lots of help from roam)) -- Neil Blakey-Milner nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010201120218.A10087>