From: "Edward S. Marshall" <esm@logic.net>
To: linux-kernel@vger.kernel.org
Subject: Re: [OT] Linux Worm (fwd)
Date: Sat, 24 Mar 2001 11:50:03 -0600 [thread overview]
Message-ID: <20010324115003.A13622@labyrinth.local> (raw)
In-Reply-To: <Pine.LNX.4.10.10103231028250.9403-100000@innerfire.net> <m3ae6c48v4.fsf@belphigor.mcnaught.org> <01032411170201.03927@tabby>
In-Reply-To: <01032411170201.03927@tabby>; from jesse@cats-chateau.net on Sat, Mar 24, 2001 at 11:11:50AM -0600
On Sat, Mar 24, 2001 at 11:11:50AM -0600, Jesse Pollard wrote:
> Bind itself has been proven over many years. This is the first major
> problem found.
This is so blatantly incorrect as to be laughable. BIND 4 and 8 had a
long and glorious history of serious security flaws; a quick search of
the www.securityfocus.com vulnerability archives for "BIND" returns a
ton of results, ranging from root compromises to denial of service
attacks to cache poisoning problems.
> If you want a fix, get bind v9. Besides handling IP version
> 4, it also handles version 6.
I'll believe in BIND 9's safety after it's been widely deployed; with few
OS vendors actually bundling BIND 9 at this point, it's received very
little real-world attention.
> It really isn't, but the new bind may be. There is even an update
> to bind 8 that contains a fix for the problem.
Until the next design flaw produces yet-another-vulnerability?
While other packages might not be free software, I don't have the luxury
of following principles in lieu of security.
Last post from me on the subject, because this has next to nothing to do
with the Linux kernel.
--
Edward S. Marshall <esm@logic.net> http://www.nyx.net/~emarshal/
-------------------------------------------------------------------------------
[ Felix qui potuit rerum cognoscere causas. ]
next prev parent reply other threads:[~2001-03-24 17:51 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-03-23 17:49 Linux Worm (fwd) Bob Lorenzini
2001-03-23 18:30 ` [OT] " Jonathan Morton
2001-03-23 18:31 ` Gerhard Mack
2001-03-23 18:51 ` [OT] " Doug McNaught
2001-03-23 19:39 ` Michael Bacarella
2001-03-23 22:19 ` Herbert Xu
2001-03-24 0:39 ` Edward S. Marshall
2001-03-24 17:11 ` Jesse Pollard
2001-03-24 17:50 ` Edward S. Marshall [this message]
2001-03-24 19:02 ` Sandy Harris
2001-03-23 18:56 ` Dax Kelson
2001-03-23 19:08 ` Jeremy Jackson
2001-03-23 20:30 ` Michael H. Warfield
2001-03-26 15:07 ` Richard B. Johnson
2001-03-26 15:24 ` Gregory Maxwell
2001-03-26 16:02 ` Bob_Tracy
2001-03-26 16:11 ` offtopic " John Jasen
2001-03-27 1:14 ` Drew Bertola
2001-03-26 18:53 ` Ben Ford
2001-03-26 15:40 ` David Weinehall
2001-03-26 16:51 ` Bob Lorenzini
2001-03-26 16:51 ` Henning P. Schmiedehausen
2001-03-26 18:32 ` Stephen Satchell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010324115003.A13622@labyrinth.local \
--to=esm@logic.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox