From owner-freebsd-security@FreeBSD.ORG Thu Oct 23 21:18:54 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 25FDA16A4B3
    for ; Thu, 23 Oct 2003 21:18:54 -0700 (PDT)
Received: from lariat.org (lariat.org [63.229.157.2])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 1ACE643FBF
    for ; Thu, 23 Oct 2003 21:18:53 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2])
    by lariat.org (8.9.3/8.9.3) with ESMTP id WAA18032;
    Thu, 23 Oct 2003 22:18:35 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms.
Message-Id: <6.0.0.22.2.20031023221633.03a53358@localhost>
X-Sender: brett@localhost (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Thu, 23 Oct 2003 22:18:35 -0600
To: "David G. Andersen", Garance A Drosihn
From: Brett Glass
In-Reply-To: <20031023204646.A61063@cs.utah.edu>
References: <6.0.0.22.2.20031023162326.04c1e008@localhost>
    <6.0.0.22.2.20031023183427.04e18d10@localhost>
    <20031023204646.A61063@cs.utah.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
cc: security@freebsd.org
Subject: Re: /var partition overflow (due to spyware?) in FreeBSD default install
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Fri, 24 Oct 2003 04:18:54 -0000

At 08:46 PM 10/23/2003, David G. Andersen wrote:

>the problem is very obviously an excess of messages from bind.
>This bug report should go to the ISC folks.

Indeed. Or perhaps we can integrate a patch into FreeBSD and then
forward it up to ISC.

>No daemon should
>be spewing out log messages at the _incredible_ rate that
>bind does when it decides it doesn't like what it's getting
>in this context. The same bug can be triggered by using a
>forwarding nameserver that bind doesn't like.

Interesting. What does BIND "not like" about certain forwarders?

>The immediate question to ask is, "is this fixed in bind9?"

That's only the immediate question if FreeBSD moves to BIND 9.
Otherwise, the question (at least in this forum) is, how does
FreeBSD patch it until or unless it goes to BIND 9?

--Brett