We need to start hosting our own DNS service, and as I have been researching
the many known security holes in the standard 'named' BIND server, I notice
that every one involves "buffer overrun" of some description which lets nasty
request packets overwrite the stack and execute arbitrary code to become
root. I am still not convinced that there is a version of Bind entirely free
of buffer overrun bugs! It seems to me that this is a server that screams to
be rewritten in Java! It starts once and runs continuously - so JVM startup
is not a problem. Is anyone aware of an existing effort along this line?
P.S. As an interim, I plan to modify the BIND source to renounce root
privilege immediately after opening port 53. Why isn't this done as standard
practice?
--
Stuart D. Gathman <[EMAIL PROTECTED]>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Microsoft is the QWERTY of Operating Systems" - SDG
"Confutatis maledictus, flamis acribus addictus" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
(HINT: Find translation for the "Confutatis" movement of the Mozart
Requiem).