Date: Sat, 29 Jun 2002 22:10:05 -0600
From: Brett Glass <brett@lariat.org>
To: Pete Ehlke <pde@rfc822.net>, security@FreeBSD.ORG
Subject: Re: libc flaw: BIND 9 closes most holes but also opens one
Message-ID: <4.3.2.7.2.20020629220046.02bed9a0@localhost>
In-Reply-To: <20020630011804.GA24509@rfc822.net>
References: <4.3.2.7.2.20020629191122.02c948b0@localhost> <4.3.2.7.2.20020629180311.02b5b2d0@localhost> <4.3.2.7.2.20020629191122.02c948b0@localhost>

At 07:18 PM 6/29/2002, Pete Ehlke wrote:

>You are aware, Brett, that you are lecturing one of the BIND authors on
>the subtleties of the BIND source?
>
>Once and for all: there is a fixed 8.3.x. There is a fixed 8.2.x. There
>is even a fixed v4.

In short, you've gone back and created fixed versions of these "ancient" bloodlines? If so, that's good, but it doesn't help the majority of us. In particular, it doesn't help people who install FreeBSD now, or who maintain it and need to make sure that everything's fixed.

We need BIND 9 (required to shield other systems, including Solaris and Windows boxes, which are likely vulnerable) and a fixed libbind. Oh, and a fixed Sendmail, which right now can only be had if one risks installing a -STABLE snapshot. (4.6-RELEASE-p1, for some reason, does not have it.) And you can't install binary packages if they contain statically linked binaries.

In short, right now, it's damnably difficult to secure existing FreeBSD systems or to create new ones (for which I have clients waiting).

So, pardon me if I seem frustrated. I'm responsible for plugging all the holes in the dikes and for building several systems that I cannot, right now, build with confidence.

--Brett

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020629220046.02bed9a0>