From owner-freebsd-security  Thu Feb  1  2: 2:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from rapier.smartspace.co.za (rapier.smartspace.co.za [66.8.25.34])
	by hub.freebsd.org (Postfix) with SMTP id 1C13737B65D
	for <freebsd-security@FreeBSD.ORG>; Thu,  1 Feb 2001 02:02:32 -0800 (PST)
Received: (qmail 11820 invoked by uid 1001); 1 Feb 2001 10:02:19 -0000
Date: Thu, 1 Feb 2001 12:02:19 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Chris Johnson <cjohnson@palomine.net>,
	Przemyslaw Frasunek <venglin@freebsd.lublin.pl>,
	freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
Message-ID: <20010201120218.A10087@rapier.smartspace.co.za>
References: <200101312123.f0VLNL134920@freefall.freebsd.org> <Pine.LNX.4.30.0101312352150.3617-100000@jamus.xpert.com> <20010201014819.H675@riget.scene.pl> <20010131200142.A90211@palomine.net> <200102010154.f111sYE23275@earth.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102010154.f111sYE23275@earth.backplane.com>; from dillon@earth.backplane.com on Wed, Jan 31, 2001 at 05:54:34PM -0800
Organization: Building Intelligence
X-Operating-System: FreeBSD 4.2-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed 2001-01-31 (17:54), Matt Dillon wrote:
> 
> :Yes! Why work around BIND limitiations and do all this sandboxing to try to
> :limit the damage it can do to you, when there's a better alternative?
> :
> :Chris
> 
>     Yah, that's the ticket... kinda like wu-ftpd was created because existing
>     ftpd's weren't up to snuff, except wu-ftpd turned out to have literally
>     dozens of rootable exploits.
> 
>     Just because BIND's loopholes are advertised doesn't mean that other 
>     DNS servers don't have loopholes.  While I agree that some of the newer
>     ones almost certainly have *fewer* rootable loopholes, maybe, I don't
>     see them as improving my risk factors much.

It might be an idea to actually research djbdns, consider its design,
history, and coding standards, and then make a judgement.

Neil (aka djbdns port maintainer (with lots of help from roam))
-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message