[34109] in North American Network Operators' Group
Re: sorry to ruin several of your evenings...
daemon@ATHENA.MIT.EDU (James R Grinter)
Sun Jan 28 09:22:34 2001
From: jrg@blodwen.demon.co.uk (James R Grinter)
To: nanog@merit.edu
Mime-Version: 1.0 (generated by tm-edit 1.5)
Content-Type: text/plain; charset=US-ASCII
Date: 28 Jan 2001 14:20:23 +0000
In-Reply-To: "Tony Rall"'s message of "Sat, 27 Jan 2001 23:11:50 -0800"
Message-ID: <x78znvahco.fsf@indy1.watching.org>
Errors-To: owner-nanog-outgoing@merit.edu
"Tony Rall" <trall@almaden.ibm.com> writes:
> It is not clear to me what incentive there is for someone running 8.2.2P7
> to upgrade to 8.3. In particular, it does not appear (from the ISC web
> site or from Paul's msgs) that 8.3 fixes any security flaws in 8.2.2P7.
If you look at a source diff between 8.2.2-P7 and 8.2.3, you might be
scared at some of the little things that were fixed. (There's a lot of
stuff added, too, as one might expect of a release and it is obviously
possible that there are problems introduced within those areas too.)
I can't comment about the big changes - I don't know the code well
enough - but there are a number of changes like this:
- if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) > size) {
+ if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) >= size) {
and
- if (size < sizeof "255.")
+ if (size <= sizeof "255.")
that make me willing to upgrade (presupposing they went the right way!)
My favourite inconsequential but useful change, which someone else in
this thread referred to, has to be:
- "No default TTL set using SOA minimum instead");
+ "No default TTL ($TTL <value>) set, using SOA minimum instead");
James.
