Date: 20 Feb 2000 12:16:20 +0100 From: Slawek Zak <S.Zak@altkom.com> To: freebsd-security@FreeBSD.ORG Subject: Re: Why should I upgrade from 2.2.8 to 3.4 Message-ID: <87g0uo5dkr-cos-mos@localhost.localnet> In-Reply-To: Cy Schubert - ITSD Open Systems Group's message of "Thu, 17 Feb 2000 06:02:53 -0800" References: <200002171403.GAA81839@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
actually more secure than
> > later versions. When the ADMROCKS exploit got out, I discovered that the
> > BIND that shipped with 2.2.8 wasn't susceptible. Systems with newer versions
> > of BIND were.
>
> Yes but BIND 4 has even more security holes than BIND 8. If I had to
> run 2.2.8 and BIND, I'd install BIND 8 and run it in a jail under a
> non-privileged account.
Noone did serious security audit of BIND 8, so where do you get this
"news" from ?? BIND 4 was audited by the OpenBSD team and is shipped
with OpenBSD. I believe it does proper bound checking at least.
BTW: You can run BIND 4.9.7 as another user in chrooted environment.
--
"To save energy
the light at the end of the tunnel
will temporarily be switched off."
Suavek Zak / PGP: finger://zaks@prioris.mini.pw.edu.pl
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87g0uo5dkr-cos-mos>