From owner-freebsd-security  Sun Jun 30 19:42:21 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 28B6D37B400
	for <security@FreeBSD.ORG>; Sun, 30 Jun 2002 19:42:20 -0700 (PDT)
Received: from lariat.org (lariat.org [63.229.157.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6195043E09
	for <security@FreeBSD.ORG>; Sun, 30 Jun 2002 19:42:19 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id UAA07547;
	Sun, 30 Jun 2002 20:41:55 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020630203852.00c6d280@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Sun, 30 Jun 2002 20:40:27 -0600
To: Mark.Andrews@isc.org
From: Brett Glass <brett@lariat.org>
Subject: Re: libc flaw: BIND 9 closes most holes but also opens one 
Cc: Pete Ehlke <pde@rfc822.net>, security@FreeBSD.ORG
In-Reply-To: <200207010208.g6128hm0066820@drugs.dv.isc.org>
References: <Your message of "Sat, 29 Jun 2002 22:10:05 CST." <4.3.2.7.2.20020629220046.02bed9a0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 08:08 PM 6/30/2002, Mark.Andrews@isc.org wrote:

>        You have been told how to fix the problem.  Install libbind
>        from BIND 8 (that implies the include files).
>
>        BIND9:
>        don't call configure with --enable-libbind (this is the default)
>        BIND8:
>        remove "bin" from "SUBDIRS= include port lib bin" in the top
>        level Makefile
>
>        Install both BIND 8 and BIND 9.  "--enable-libbind" effectively
>        does just that.

I'll do this. It'll be a bunch of work to do it on several systems....
I wish there were up-to-date binary packages! I may try to create
a binary package for BIND 8's libbind to make this easier.

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message