[9438] in bugtraq
DNS without NSD on Irix 6.5
daemon@ATHENA.MIT.EDU (Adam Laurie)
Tue Feb 9 16:39:58 1999
Date: Tue, 9 Feb 1999 10:18:43 +0000
Reply-To: Adam Laurie <adam@ALGROUP.CO.UK>
From: Adam Laurie <adam@ALGROUP.CO.UK>
To: BUGTRAQ@NETSPACE.ORG

In a previous thread we hinted at problems with the "nsd" service on
Irix 6.5 - it uses NFS for internal communication, giving plenty of
potential exploit material... Indeed, it turns out that the Irix 6.5.3
overlays contain some "fixes" for this...

As usual, we have some good news and some bad news:

The Bad News: The 6.5.3 overlays make no visible difference to the
operation of nsd. i.e. UDP ports are still open all over the place, so
the "fixes" are presumably of the internal access control type.

The Good News: If you have full source for your application, you can
bypass the Irix resolver libraries altogether and use bind instead.
Simply build/install bind-8.1.2, tweak your application's cc flags with
something like "-L /usr/local/bind/lib -l bind" and rebuild at gas mark
2 for 12 minutes.

cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:adam@algroup.co.uk
UNITED KINGDOM PGP key on keyservers