From owner-freebsd-security Thu Feb 13 14:43:50 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA14878 for security-outgoing; Thu, 13 Feb 1997 14:43:50 -0800 (PST)
Received: from profane.iq.org (profane.iq.org [203.4.184.217]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA14780 for ; Thu, 13 Feb 1997 14:43:23 -0800 (PST)
Received: (from proff@localhost) by profane.iq.org (8.8.4/8.8.2) id JAA00545; Fri, 14 Feb 1997 09:37:31 +1100 (EST)
From: Julian Assange
Message-Id: <199702132237.JAA00545@profane.iq.org>
Subject: trusting dns addresses
In-Reply-To: <330334BD.41C67EA6@village.org> from Warner Losh at "Feb 13, 97 08:35:25 am"
To: imp@village.org (Warner Losh)
Date: Fri, 14 Feb 1997 09:37:31 +1100 (EST)
Cc: security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> If you can't trust your resolver, then you are likely going to have a
> lot of problems all over the system.

Not if you have applied all of my patches.

> This attack requires there to be a bug in the resolver in order to even
> have a chance of succeeding. If that were the case, better to fix the
> resolver than to fix all places in the source tree where it returns
> data.

I strongly disagree with this view. The problem should be fixed in both
places. Trusting a protocol-independent resolver to always return 4-byte
addresses is nothing but bad programming. In fact, at the moment, despite
the additional length checks, it can return 16-byte ipv6 addresses. No
doubt as other protocols are added in the future we will see other
lengths. I don't trust the resolver code, and I don't trust that even if
it is trust-worthy now (which it isn't due to ipv6 addresses), that it
will be trust-worthy tomorrow.
Further, the whole idea of having a BSD-style copyright on the sources is
to encourage spread of the source code to other areas. This spread may
well occur without the latest allegedly trust-worthy resolver library.

It's bad. It's shoddy. It is a security hole now and likely one into the
future and across domains. It breaks encapsulation. It needs to be
addressed.

--
Prof. Julian Assange  |If you want to build a ship, don't drum up people
                      |together to collect wood and don't assign them tasks
proff@iq.org          |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu  |immensity of the sea. -- Antoine de Saint Exupery
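
The caller-side check argued for in the message above, as an added example; it is not part of the original message and not one of the patches it mentions. The helper names `hostent_to_sin` and `demo` are hypothetical, and the resolver answers are constructed in memory so the program runs offline.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: fill a sockaddr_in from a hostent only when the
 * resolver really handed back an IPv4 address. The unchecked idiom is
 *     memcpy(&sin.sin_addr, hp->h_addr, hp->h_length);
 * which lets the resolver decide how many bytes land in a 4-byte field
 * and overruns it when a 16-byte IPv6 address comes back. */
int hostent_to_sin(const struct hostent *hp, struct sockaddr_in *sin)
{
    if (hp == NULL || sin == NULL ||
        hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL)
        return -1;
    if (hp->h_addrtype != AF_INET)                  /* e.g. AF_INET6 */
        return -1;
    if (hp->h_length != (int)sizeof(sin->sin_addr)) /* not exactly 4 bytes */
        return -1;
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    /* Copy the size of the destination, never the resolver's length. */
    memcpy(&sin->sin_addr, hp->h_addr_list[0], sizeof(sin->sin_addr));
    return 0;
}

/* Constructed resolver answer with the given family and length, backed
 * by a 16-byte buffer whose first four bytes are 192.0.2.1. */
int demo(int family, int length, struct sockaddr_in *out)
{
    static char raw[16] = { (char)192, 0, 2, 1 };
    char *list[2] = { raw, NULL };
    struct hostent he;
    memset(&he, 0, sizeof(he));
    he.h_addrtype = family;
    he.h_length = length;
    he.h_addr_list = list;
    return hostent_to_sin(&he, out);
}

int main(void)
{
    struct sockaddr_in sin;
    printf("AF_INET,  4 bytes:  %d\n", demo(AF_INET, 4, &sin));
    printf("AF_INET6, 16 bytes: %d\n", demo(AF_INET6, 16, &sin));
    return 0;
}
```

A caller that validates this way stays correct even when linked against a resolver that makes no length guarantees, which is the encapsulation point the message makes.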