From: Jeremy Jackson <jerj@coplanar.net>
To: Dax Kelson <dax@gurulabs.com>
Cc: Gerhard Mack <gmack@innerfire.net>,
Bob Lorenzini <hwm@newportharbornet.com>,
linux-kernel@vger.kernel.org
Subject: Re: Linux Worm (fwd)
Date: Fri, 23 Mar 2001 14:08:21 -0500 [thread overview]
Message-ID: <3ABB9F25.9FF61FF8@coplanar.net> (raw)
In-Reply-To: <Pine.LNX.4.30.0103231150460.18026-100000@duely.gurulabs.com>
Dax Kelson wrote:
> Gerhard Mack said once upon a time (Fri, 23 Mar 2001):
>
> > On Fri, 23 Mar 2001, Bob Lorenzini wrote:
> >
> > > I'm annoyed when persons post virus alerts to unrelated lists but this
> > > is a serious threat. If your offended flame away.
> >
> > This should be a wake up call... distributions need to stop using product
> > with consistently bad security records.
>
> This TSIG bug in BIND 8 that is being exploited was added to BIND 8 by the
> same team who wrote BIND 9.
>
> In fact the last two major remote root compromises (TSIG and NXT) for BIND
> 8 was in code added to BIND 8 by the BIND 9 developers.
You could say new code in general causes security holes... don't fix it
and you won't break it. There is the security principle of least privilege
though...
RH7 (and earlier I think) run bind drops root and runs as user named after
opening
a listening socket, so I don't think a bind
compromise could retrieve the /etc/shadow file and modify system binaries...
and RH7.1(beta) will use capabilities to furthur restrict privileges given to
bind(v9).
(not root ever)
next prev parent reply other threads:[~2001-03-23 19:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-03-23 17:49 Linux Worm (fwd) Bob Lorenzini
2001-03-23 18:30 ` [OT] " Jonathan Morton
2001-03-23 18:31 ` Gerhard Mack
2001-03-23 18:51 ` [OT] " Doug McNaught
2001-03-23 19:39 ` Michael Bacarella
2001-03-23 22:19 ` Herbert Xu
2001-03-24 0:39 ` Edward S. Marshall
2001-03-24 17:11 ` Jesse Pollard
2001-03-24 17:50 ` Edward S. Marshall
2001-03-24 19:02 ` Sandy Harris
2001-03-23 18:56 ` Dax Kelson
2001-03-23 19:08 ` Jeremy Jackson [this message]
2001-03-23 20:30 ` Michael H. Warfield
2001-03-26 15:07 ` Richard B. Johnson
2001-03-26 15:24 ` Gregory Maxwell
2001-03-26 16:02 ` Bob_Tracy
2001-03-26 16:11 ` offtopic " John Jasen
2001-03-27 1:14 ` Drew Bertola
2001-03-26 18:53 ` Ben Ford
2001-03-26 15:40 ` David Weinehall
2001-03-26 16:51 ` Bob Lorenzini
2001-03-26 16:51 ` Henning P. Schmiedehausen
2001-03-26 18:32 ` Stephen Satchell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ABB9F25.9FF61FF8@coplanar.net \
--to=jerj@coplanar.net \
--cc=dax@gurulabs.com \
--cc=gmack@innerfire.net \
--cc=hwm@newportharbornet.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox