From: Slawek Zak
To: freebsd-security@FreeBSD.ORG
Subject: Re: Why should I upgrade from 2.2.8 to 3.4
Date: 20 Feb 2000 12:16:20 +0100
Message-ID: <87g0uo5dkr-cos-mos@localhost.localnet>
References: <200002171403.GAA81839@cwsys.cwsent.com>
In-Reply-To: Cy Schubert - ITSD Open Systems Group's message of "Thu, 17 Feb 2000 06:02:53 -0800"
Reply-To: zaks@prioris.im.pw.edu.pl
Organization: Ministerstwo smierci na wojnie

> > actually more secure than
> > later versions. When the ADMROCKS exploit got out, I discovered that the
> > BIND that shipped with 2.2.8 wasn't susceptible. Systems with newer versions
> > of BIND were.
>
> Yes but BIND 4 has even more security holes than BIND 8. If I had to
> run 2.2.8 and BIND, I'd install BIND 8 and run it in a jail under a
> non-privileged account.

No one did a serious security audit of BIND 8, so where do you get this "news"
from?? BIND 4 was audited by the OpenBSD team and is shipped with OpenBSD. I
believe it does proper bound checking at least.

BTW: You can run BIND 4.9.7 as another user in a chrooted environment.

-- 
"To save energy the light at the end of the tunnel will temporarily be
switched off."
Suavek Zak / PGP: finger://zaks@prioris.mini.pw.edu.pl