Quoting Ian C. Sison ([EMAIL PROTECTED]):
> Maybe the vulnerabilities of the old codebase do not apply to 9.x due
> to the redesign/rewrite, but the principle of monolith design is
> generally asking_for_an_exploit(tm), and as expected, there has
> already been 1 security problem in 9.x (which counts) and another in
> the resolver library (which I think does not count..)

Hmm, the only recent resolver libs problem I've found (a buffer
overflow) was around July of this year and was in the BIND v. _8.x_
libbind. But please note that, ironically, this vulnerability could not
be exploited if the query passed through a BIND v. _9.x_ cache. ;->

(Many -- most? -- Linux systems use the glibc resolver library, rather
than any BIND lib. That doesn't affect your point; I just thought I'd
mention the fact.)

After searching the CERT database, the only vulnerability in BIND9
itself that I can find is CERT Advisory #CA-2002-15, last June -- but
the hole was not exploitable in any way other than a DoS.
Specifically: Sending a specific DNS packet to the daemon triggered
that instance going into some sort of test mode where it performed an
internal consistency check. Somebody at Nominum obviously screwed up,
but it's (1) not what we (mostly) mean when we say "security problem"
and (2) not attributable to monolithic architecture.

> I am unsure about MaraDNS, but I believe the little proglets of djbdns
> are clearly the way to go, if one has a little more time to develop,
> and debug such a design..

I tend to strongly agree with the general sentiment -- with the caveat
that, ultimately, the only suitable criterion for successful designs is
results (the "Proof is in the pudding" rule). I offer Exim as a modest
example: It's not been perfect, but author Philip Hazel is very on top
of things. It had one local-only root exploit in 1997, patched
immediately. In 2001, there was a format-string weakness, but only
against obsolete versions. (Hazel had already patched it.) In late
2001, Hazel fixed an input-validation weakness that theoretically might
have permitted remote attacks using pipes, for which there never were
any known exploits. I believe that's pretty much its entire security
history, since the initial version in 1995.

That's arguably good enough, given (1) competent system maintenance and
(2) the major win Exim gives in simplicity of operation and
configuration. It even has some advantages available only to monolithic
designs: Postfix and Qmail can't be configured to eliminate dupe copies
when you are mailed directly plus via an alias; Exim (and presumably
Sendmail) can.

--
Cheers,
Rick Moen
[EMAIL PROTECTED]

"I am the very model of a modern Unix sysadmin,
I've information relevant to programs in slash usr bin,
I know the tricks of emacs and the vi bugs historical,
From a to ZZ upper case, in order categorical." H. Hahn