Date: Sun, 30 Jun 2002 13:37:03 -0700
From: Doug Barton <DougB@FreeBSD.org>
To: Alessandro de Manzano <adm@unixmania.net>
Cc: John Long <fbsd1@sstec.com>, security@FreeBSD.org
Subject: Re: named 8.3.2-T1B vulnerable?
Message-ID: <3D1F6BEF.582E44D9@FreeBSD.org>
References: <5.1.0.14.2.20020629142257.0221e050@mail.sstec.com> <20020629170827.K5428-100000@master.gorean.org> <20020630192440.A18140@libero.sunshine.ale>

Alessandro de Manzano wrote:

> I've a question about replacing with PORT_REPLACES_BASE_BIND8.
>
> If today I install BIND 8.3.3 from the port with that option it will
> overwrite the system one but next time I'll do a buildworld /
> installworld I'll get again 8.3.2-T1B or whatever RELENG_4(_6) will
> have that time.. right ?

Correct. There is currently a make.conf option for NO_BIND. In addition, some of us are working on a more thorough solution which will add some magic to the bsd.*.mk files so that you can put PORT_REPLACES_BASE_FOO in your /etc/make.conf, and it will automatically imply NO_FOO as well.

Currently I'm testing a final buildworld for the bind 8.3.3 import on -current. Once that's done, I'll be sending some patches and more info on this topic to the freebsd-arch mailing list.

> More, I'll get an entry in the installed packages database for BIND
> 8.3.3 that is "dangerous", since if I'll ever pkg_delete it I'll lose
> the real/overwritten BIND...

Yep. One of the things I'm adding to my little patch is to change the name of the port from foo-version to foo-system-version when installing to give you a clue as to what's about to happen. BUT, you are absolutely right in saying that this option is dangerous. However, there are lots of ways to shoot yourself in the foot here... it's up to you to find a better target. :) Also, the system will still run without BIND, unless of course you're using that particular system as a name server.

I have been using the "port overwrites base" stuff at Yahoo! for almost a year, and we haven't had any catastrophes yet.

Hope this helps,

Doug

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
