Re: To the bind maintainer
At 06:42 PM 1/21/00 -0500, Greg Stark wrote:
>
>"Glen S Mehn" <gmehn@concentric.net> writes:
>
>> While we're pitching in, I have to agree with mstone as well.
>>
>> Security and stability are an important part of why folks come to Debian/Gnu
>> linux.
>>
>> The postinstall script could even suggest running bind as root for, say,
>> laptops, IP tunnelling stuff, etc. There's enough of that going around.
>
>Or machines using plip or other point to point connections, or IP masquerading
>boxes, or with vmware installed, or any other emulator using ethertap
>devices... Or any machine that might do any of these things in the future.
So let the user choose...
And about the future: you can take it into account but don't use it as an argument
because then you should re-think a whole lot of other stuff to the point when
nothing you choose 'with all the possibilities of the future in mind'
is practical anymore...
>Are there any known buffer overflow attacks against our current named?
This is the Microsoft way: we only fix a problem when it occurs and when
it is way too late.
"To prevent is better than to cure" (or something along those lines...)
>If there was and it was running as a non-root user would being vulnuerable to
>a DOS attack and being open to non-root attacks be acceptable?
If I would have to choose between a root and a non-root attack I will
choose the non-root attack any day.
>If there were any actual security gains then it might make sense to disable
>useful features for the security gains. As it is it merely downgrades a
>hypothetical attack from a root-obtaining-exploit to a remote exploit that
>doesn't obtain root but is a DOS and obtains non-root access to the machine.
Did you check the track record of bind with regard to root exploits?
Wht do you think they put this feature in anyway?
>If you want to improve security you should implement a kernel interface for
>non-root users to be able to do what named does. Then propose this again.
Hmmm, I have to think about that one... but until then I want to be able
to -choose- between what level of security I want for bind.
Regards,
Onno
Reply to: