From owner-freebsd-security Thu Feb 17 6: 6:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 5A92837B734 for ; Thu, 17 Feb 2000 06:06:26 -0800 (PST) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA18222; Thu, 17 Feb 2000 06:04:34 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda18218; Thu Feb 17 06:04:15 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id GAA67599; Thu, 17 Feb 2000 06:04:14 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdN67597; Thu Feb 17 06:03:42 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.9.3/8.9.1) id GAA81839; Thu, 17 Feb 2000 06:03:41 -0800 (PST) Message-Id: <200002171403.GAA81839@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdX81834; Thu Feb 17 06:02:53 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 3.4-RELEASE X-Sender: cy To: Brett Glass Cc: Wes Peters , Richard Wackerbarth , Warner Losh , freebsd-security@FreeBSD.ORG Subject: Re: Why should I upgrade from 2.2.8 to 3.4 In-reply-to: Your message of "Wed, 16 Feb 2000 13:12:53 MST." <4.2.2.20000216131102.04308c80@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 17 Feb 2000 06:02:53 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <4.2.2.20000216131102.04308c80@localhost>, Brett Glass writes: > At 11:12 AM 2/16/2000 , Wes Peters wrote: > > >And this coming from the 2.x "keeper of the flame." Yes, 2.2.8 should carry > >a warning label of some sort. > > On the other hand, some things in 2.2.8 were actually more secure than > later versions. When the ADMROCKS exploit got out, I discovered that the > BIND that shipped with 2.2.8 wasn't susceptible. Systems with newer versions > of BIND were. Yes but BIND 4 has even more security holes than BIND 8. If I had to run 2.2.8 and BIND, I'd install BIND 8 and run it in a jail under a non-privileged account. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@uumail.gov.bc.ca UNIX Group, ITSD, ISTA Province of BC "COBOL IS A WASTE OF CARDS." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message