Re: To the bind maintainer



At 06:42 PM 1/21/00 -0500, Greg Stark wrote:
>
>"Glen S Mehn" <gmehn@concentric.net> writes:
>
>> While we're pitching in, I have to agree with mstone as well.
>> 
>> Security and stability are an important part of why folks come to Debian/Gnu
>> linux.
>> 
>> The postinstall script could even suggest running bind as root for, say,
>> laptops, IP tunnelling stuff, etc. There's enough of that going around.
>
>Or machines using plip or other point to point connections, or IP masquerading
>boxes, or with vmware installed, or any other emulator using ethertap
>devices... Or any machine that might do any of these things in the future.

So let the user choose...

And about the future: you can take it into account but don't use it as an argument
because then you should re-think a whole lot of other stuff to the point when
nothing you choose 'with all the possibilities of the future in mind' 
is practical anymore...

>Are there any known buffer overflow attacks against our current named? 

This is the Microsoft way: we only fix a problem when it occurs and when
it is way too late.

"To prevent is better than to cure" (or something along those lines...)

>If there was and it was running as a non-root user would being vulnerable to
>a DOS attack and being open to non-root attacks be acceptable? 

If I would have to choose between a root and a non-root attack I will
choose the non-root attack any day.

>If there were any actual security gains then it might make sense to disable
>useful features for the security gains. As it is it merely downgrades a
>hypothetical attack from a root-obtaining-exploit to a remote exploit that
>doesn't obtain root but is a DOS and obtains non-root access to the machine.

Did you check the track record of bind with regard to root exploits?
Why do you think they put this feature in anyway?

>If you want to improve security you should implement a kernel interface for
>non-root users to be able to do what named does. Then propose this again.

Hmmm, I have to think about that one... but until then I want to be able
to -choose- between what level of security I want for bind.

Regards,

Onno


