[14798] in bugtraq
Re: glibc resolver weakness
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Sat May 6 15:18:31 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <200005031959.e43Jx0h24416@black-ice.cc.vt.edu>
Date: Wed, 3 May 2000 15:58:48 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To: antirez@LINUXCARE.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 03 May 2000 03:40:46 +0200."
    <20000503034046.A9579@nagash.marmoc.net>

On Wed, 03 May 2000 03:40:46 +0200, antirez <antirez@LINUXCARE.COM> said:
> Hi all,
>
> this is from glibc 2.1.3 resolver source code:
>
> u_int
> res_randomid()
> {
>         struct timeval now;
>
>         __gettimeofday(&now, NULL);
>         return (0xffff & (now.tv_sec ^ now.tv_usec ^ __getpid()));
> }

The exact same code as in the BIND 8.2.2-p5 src/lib/resolv/res_init.c.
I've *NOT* evaluated if there's an actual problem here, but if there is,
it's probably in *every* BIND-derived resolver...
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
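
Added example, not part of the original message and not glibc or BIND code: the quoted expression with its three inputs passed explicitly, beside a 16-bit ID read from /dev/urandom for comparison. The helper names and sample values are constructed for illustration; it shows that the quoted ID is a pure function of the clock and the pid, with no secret input.

```c
#include <stdint.h>
#include <stdio.h>

/* The quoted expression with its inputs made explicit (hypothetical helper
 * name). Everything above bit 15 of each input is discarded by the mask. */
static uint16_t id_from_inputs(long tv_sec, long tv_usec, long pid)
{
    return (uint16_t)(0xffff & (tv_sec ^ tv_usec ^ pid));
}

/* For comparison: 16 bits from the kernel CSPRNG (hypothetical helper name).
 * Returns 0 on success, -1 if /dev/urandom cannot be read. */
static int id_from_urandom(uint16_t *out)
{
    unsigned char b[2];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(b, 1, sizeof b, f);
    fclose(f);
    if (n != sizeof b)
        return -1;
    *out = (uint16_t)((b[0] << 8) | b[1]);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured values. */
    long sec = 957383928L, usec = 123456L, pid = 4242L;
    uint16_t a = id_from_inputs(sec, usec, pid);
    uint16_t b = id_from_inputs(sec, usec + 1000, pid);
    uint16_t r;

    /* Same inputs always give the same ID. */
    printf("repeatable: %d\n", a == id_from_inputs(sec, usec, pid));
    /* Two IDs from one process in one second differ only by the usec bits. */
    printf("a ^ b = 0x%04x, usec bits = 0x%04x\n", (unsigned)(a ^ b),
           (unsigned)(0xffff & (usec ^ (usec + 1000))));
    if (id_from_urandom(&r) == 0)
        printf("CSPRNG id: 0x%04x\n", (unsigned)r);
    return 0;
}
```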