From owner-freebsd-arch  Fri Feb  8  2:19:27 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from a96180.upc-a.chello.nl (a96180.upc-a.chello.nl [62.163.96.180])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7C1F537B41B; Fri,  8 Feb 2002 02:19:25 -0800 (PST)
Received: by a96180.upc-a.chello.nl (Postfix, from userid 1001)
	id D9466216F; Fri,  8 Feb 2002 11:19:23 +0100 (CET)
Date: Fri, 8 Feb 2002 11:19:23 +0100
From: Jeroen Ruigrok/asmodai <asmodai@wxs.nl>
To: John Hay <jhay@icomtek.csir.co.za>
Cc: nectar@freebsd.org, freebsd-arch@freebsd.org
Subject: Re: cvs commit: src/contrib/bind FREEBSD-Xlist
Message-ID: <20020208101923.GE52378@daemon.ninth-circle.org>
References: <20020208065440.GB52378@daemon.ninth-circle.org> <200202080853.g188rRO39489@zibbi.icomtek.csir.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200202080853.g188rRO39489@zibbi.icomtek.csir.co.za>
User-Agent: Mutt/1.3.24i
Organisation: Ninth Circle Enterprises
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

-On [20020208 10:15], John Hay (jhay@icomtek.csir.co.za) wrote:
>So are they then selective of what they put on their security page?
>
>http://www.isc.org/products/BIND/bind-security.html

I am not saying they're selective, but I know Kris did some fixing for
potential problems.

>Or are we just lucky that the dark side haven't turned their efforts
>to v9 servers yet?

I think so.  BIND 8 is still the major player out there.  As soon as,
say, FreeBSD would ship with BIND 9 in the base, you can be sure
attention will shift.

I mean, it is ironic that one person already found a heap of potential
problem areas on a single sweep, whereas the piece of software claims to
have been rewritten from scratch to ensure more security [IIRC the texts
correctly].  Of course, a rewrite is a daunting task, but do not flaunt
around stating the improved security and auditing when one person points
out a bunch of problematic cases.

Caveat emptor.

-- 
Jeroen Ruigrok van der Werven / asmodai / Kita no Mono / xMach coreteam
asmodai@[wxs.nl|xmach.org], finger asmodai@ninth-circle.org
http://www.softweyr.com/asmodai/
Love will draw us in, to wipe our Tears away...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message