From: Jeremy Jackson <jerj@coplanar.net>
To: Dax Kelson <dax@gurulabs.com>
Cc: Gerhard Mack <gmack@innerfire.net>,
Bob Lorenzini <hwm@newportharbornet.com>,
linux-kernel@vger.kernel.org
Subject: Re: Linux Worm (fwd)
Date: Fri, 23 Mar 2001 14:08:21 -0500 [thread overview]
Message-ID: <3ABB9F25.9FF61FF8@coplanar.net> (raw)
In-Reply-To: <Pine.LNX.4.30.0103231150460.18026-100000@duely.gurulabs.com>
Dax Kelson wrote:
> Gerhard Mack said once upon a time (Fri, 23 Mar 2001):
>
> > On Fri, 23 Mar 2001, Bob Lorenzini wrote:
> >
> > > I'm annoyed when persons post virus alerts to unrelated lists but this
> > > is a serious threat. If your offended flame away.
> >
> > This should be a wake up call... distributions need to stop using product
> > with consistently bad security records.
>
> This TSIG bug in BIND 8 that is being exploited was added to BIND 8 by the
> same team who wrote BIND 9.
>
> In fact the last two major remote root compromises (TSIG and NXT) for BIND
> 8 was in code added to BIND 8 by the BIND 9 developers.
You could say new code in general causes security holes... don't fix it
and you won't break it. There is the security principle of least privilege
though...
RH7 (and earlier I think) run bind drops root and runs as user named after
opening
a listening socket, so I don't think a bind
compromise could retrieve the /etc/shadow file and modify system binaries...
and RH7.1(beta) will use capabilities to furthur restrict privileges given to
bind(v9).
(not root ever)
next prev parent reply other threads:[~2001-03-23 19:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-03-23 17:49 Linux Worm (fwd) Bob Lorenzini
2001-03-23 18:30 ` [OT] " Jonathan Morton
2001-03-23 18:31 ` Gerhard Mack
2001-03-23 18:51 ` [OT] " Doug McNaught
2001-03-23 19:39 ` Michael Bacarella
2001-03-23 22:19 ` Herbert Xu
2001-03-24 0:39 ` Edward S. Marshall
2001-03-24 17:11 ` Jesse Pollard
2001-03-24 17:50 ` Edward S. Marshall
2001-03-24 19:02 ` Sandy Harris
2001-03-23 18:56 ` Dax Kelson
2001-03-23 19:08 ` Jeremy Jackson [this message]
2001-03-23 20:30 ` Michael H. Warfield
2001-03-26 15:07 ` Richard B. Johnson
2001-03-26 15:24 ` Gregory Maxwell
2001-03-26 16:02 ` Bob_Tracy
2001-03-26 16:11 ` offtopic " John Jasen
2001-03-27 1:14 ` Drew Bertola
2001-03-26 18:53 ` Ben Ford
2001-03-26 15:40 ` David Weinehall
2001-03-26 16:51 ` Bob Lorenzini
2001-03-26 16:51 ` Henning P. Schmiedehausen
2001-03-26 18:32 ` Stephen Satchell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ABB9F25.9FF61FF8@coplanar.net \
--to=jerj@coplanar.net \
--cc=dax@gurulabs.com \
--cc=gmack@innerfire.net \
--cc=hwm@newportharbornet.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.