From owner-freebsd-security Wed Jan 31 17:54:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67]) by hub.freebsd.org (Postfix) with ESMTP id E08CB37B6A8 for ; Wed, 31 Jan 2001 17:54:36 -0800 (PST) Received: (from dillon@localhost) by earth.backplane.com (8.11.1/8.9.3) id f111sYE23275; Wed, 31 Jan 2001 17:54:34 -0800 (PST) (envelope-from dillon) Date: Wed, 31 Jan 2001 17:54:34 -0800 (PST) From: Matt Dillon Message-Id: <200102010154.f111sYE23275@earth.backplane.com> To: Chris Johnson Cc: Przemyslaw Frasunek , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind References: <200101312123.f0VLNL134920@freefall.freebsd.org> <20010201014819.H675@riget.scene.pl> <20010131200142.A90211@palomine.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :Yes! Why work around BIND limitiations and do all this sandboxing to try to :limit the damage it can do to you, when there's a better alternative? : :Chris Yah, that's the ticket... kinda like wu-ftpd was created because existing ftpd's weren't up to snuff, except wu-ftpd turned out to have literally dozens of rootable exploits. Just because BIND's loopholes are advertised doesn't mean that other DNS servers don't have loopholes. While I agree that some of the newer ones almost certainly have *fewer* rootable loopholes, maybe, I don't see them as improving my risk factors much. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message