[1830] in linux-security and linux-alert archive
[linux-security] Re: Named update for RH 4.2 exploitable?
daemon@ATHENA.MIT.EDU (Paul D. Robertson)
Sun Jun 7 04:19:16 1998
Date: Sat, 6 Jun 1998 19:12:54 -0400 (EDT)
From: "Paul D. Robertson" <proberts@clark.net>
To: "Michael H. Warfield" <mhw@wittsend.com>
Cc: linux-security@redhat.com
In-Reply-To: <199806062110.RAA01110@alcove.wittsend.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Sat, 6 Jun 1998, Michael H. Warfield wrote:
> Vixie's sources up at www.isc.com. I know of no reasons to be sitting
> on the 4.9.x stuff any more unless you are in love with or need some
> compatibility with /etc/named.boot (8.1.x uses the newer, more flexible
> /etc/named.conf).
Making sure that there won't be library problems with all the SRPMs and
normal source packages which haven't been upgraded is my guess, as 8.x
moved things. For something like RH, where you'll end up with a large number
of not-so-literate administrators, this is probably an overriding factor,
followed by the lack of 3rd party documentation for named.conf. Maybe
we'll see a GUI config tool for the next release of RH, they're certainly
trying to lower the bar to entry.
The RH folks made both BIND4 and BIND8 RPMs available with the first set
of patches to the BIND sources prior to the 8.1.2 release, which fixed
the inverse query problem. They were up as soon as was possible.
Given named-bootconf.pl, config file formats aren't likely to be a major
force of staying with BIND4 for anyone who can write scripts, and doesn't
want to spend the time "fixing" their current generation process.
The other major factor in sticking with BIND4 is the ability to use a database
backend, which is important for some sites, and doesn't look to be easily
done on the BIND8 sources according to the maintainers of such packages.
As we've seen with the patches, 8.1.1 wasn't exactly great out of the
box, so not adopting early wasn't that ill-thought of a move after all.
Most vendors don't rush right on to newer versions, and I doubt that RH is
any different in that regard.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@clark.net which may have no basis whatsoever in fact."
PSB#9280
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null