
Re: stack protection



On Mon, Aug 25, 2003 at 10:56:38AM -0700, Don Armstrong wrote:
> I'm personally only really familiar with ISC's dhcpd3-server, but have
> you even read the code written by Ted Lemon? Just randomly slandering
> programmers when you are not intimately familiar with their code isn't
> something that should be done lightly.

In my original post you could read: (You quote it, see below)
---------------------------------------------------------------------
[ I don't like to offend  Paul Vixie or ISC programmers. They do good
job in the beginnings of the Internet and probably in these days they
didn't anticipate how hostile will become network for collaboration,
sharing ideas and knowledge, extending freedom ... ]
---------------------------------------------------------------------
So, I think I'm not slandering them or at least that isn't my
intention. I apologize if I did.

> As far as I can remember, the last exploit in dhcpd3-server happened
> well over 2 years ago. While I've never heard of an exploit in udhcp,
> I'm relatively sure it's not as widely scrutinized as dhcpd3-server.
 
Do you follow DSA?
--------------------------------------------------------------------------
Debian Security Advisory DSA 231-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 17th, 2003                      http://www.debian.org/security/faq

Debian Security Advisory DSA 245-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 28th, 2003                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

> > [ I don't like to offend Paul Vixie or ISC programmers. They do good
> > job in the beginnings of the Internet and probably in these days they
> > didn't anticipate how hostile will become network for collaboration,
> > sharing ideas and knowledge, extending freedom ... ]
> 
> Many of ISC's programs (bind, dhcp) current versions have been
> completely rewritten from scratch, or nearly from scratch. The people
> who wrote them are quite well aware of the current state of hostile
> networks.

AFAIK only bind is "rewritten", but Dan J. Bernstein explained how they
rewrote it. Some of the bugs were the same in version 8 (old code) and 9
(new "rewritten" code). ;-) The document can be found somewhere on DJB's
site: http://cr.yp.to/
[ I don't like to refer to DJB, but can't remember anything better ]
 
> > [ BTW, a good measure for security is: don't use ISC software! :-) ]
> 
> In many cases, there isn't an alternative for ISC's software. I have
> yet to find a dhcp server that is as featureful and robust as ISC's
> dhcp server. If you're serving a network of 5 computers, udhcpd might
> work for you, but some people use debian to run dhcpd for networks of
> thousands of nodes with hundreds of subnets.

I'm using ISC's dhcp too. But this doesn't mean I must praise it and
I can't see bugs.


