[1830] in linux-security and linux-alert archive


[linux-security] Re: Named update for RH 4.2 exploitable?

daemon@ATHENA.MIT.EDU (Paul D. Robertson)
Sun Jun 7 04:19:16 1998

Date: Sat, 6 Jun 1998 19:12:54 -0400 (EDT)
From: "Paul D. Robertson" <proberts@clark.net>
To: "Michael H. Warfield" <mhw@wittsend.com>
Cc: linux-security@redhat.com
In-Reply-To: <199806062110.RAA01110@alcove.wittsend.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Sat, 6 Jun 1998, Michael H. Warfield wrote:

> Vixie's sources up at www.isc.com.  I know of no reasons to be sitting
> on the 4.9.x stuff any more unless you are in love with or need some
> compatibility with /etc/named.boot (8.1.x uses the newer, more flexible
> /etc/named.conf).

Making sure that there won't be library problems with all the SRPMs and 
normal source packages which haven't been upgraded is my guess, as 8.x 
moved things.  For something like RH, where you'll end up with a large number 
of not-so-literate administrators, this is probably an overriding factor, 
followed by the lack of 3rd party documentation for named.conf.  Maybe 
we'll see a GUI config tool for the next release of RH; they're certainly 
trying to lower the bar to entry.

The RH folks made both BIND4 and BIND8 RPMs available with the first set 
of patches to the BIND sources prior to the 8.1.2 release, which fixed 
the inverse query problem.  They were up as soon as was possible.  

Given named-bootconf.pl, config file formats aren't likely to be a major 
force of staying with BIND4 for anyone who can write scripts, and doesn't 
want to spend the time "fixing" their current generation process.  

The other major factor in sticking with BIND4 is the ability to use a database 
backend, which is important for some sites, and doesn't look to be easily 
done on the BIND8 sources according to the maintainers of such packages.

As we've seen with the patches, 8.1.1 wasn't exactly great out of the 
box, so not adopting early wasn't that ill-thought of a move after all.  
Most vendors don't rush right on to newer versions, and I doubt that RH is 
any different in that regard.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
