Date: Sat, 29 Jun 2002 14:48:56 +1200 (NZST)
From: Andrew McNaughton
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: libc flaw: BIND 9 closes most holes but also opens one

On Fri, 28 Jun 2002, Brett Glass wrote:

> I've installed BIND 9 on our main domain name server to shield systems
> (including Windows boxes, which may be vulnerable) from the libc hole.
> Unfortunately, according to ISC, BIND 9 comes with a version of
> libbind that's vulnerable. (See http://www.cert.org/advisories/CA-2002-19.html.)
> So, if you load up BIND 9 and an app that uses it (such as Sendmail) links
> to the vulnerable libbind, you're still exposed.

You do have an advantage though in that bind can run with reduced
privileges and in a chroot dir. Much the same sort of protection that
privilege separation in sshd affords.

Given that unsafe privileged code is talking to bind, a compromised bind
could perhaps be made to do evil things, but producing an exploit which
modifies the executing code to that extent is no easy target.

Andrew McNaughton