On Apr 15, 9:09am, Christos Zoulas wrote: } On Apr 15, 5:29pm, k...@munnari.oz.au (Robert Elz) wrote: } } | ps: Christos - capabilities (if we had them) would not be the answer - if you } | were to trust bind to be unhackable, then just using root would be just as } | good a solution, if you (wisely) fail to believe that all named's bugs } | have been fixed, and that it can still be hacked, then giving it extra } | capabilities would still be allowing a privilege escalation - not as big } | a one as directly to root perhaps, but big things can often be built on } | small steps, and taking over a nameserver's answers (being able to intercept } | queries to port 53 and return bogus replies) is one of the standard ways } | to launch all kinds of attacks - allowing a hacker to bind to port 53, } | and perhaps other priv'd ports, depending upon the granualarity of the perms, } | which a capability based solution would essentially do (given named bugs } | remain to be exploited) is essentially giving them control of your network. } } I agree. If the bind license was not changed to MPL I would be inclined
What's wrong with the MPL? } to add an option to do a wild-card bind(2). Given that it is and How is this done in NetBSD? } we are stuck with a version that we are not going to upgrade until } that situation changes I'd advise to switch to unbound/nsd. Of course } it would have been nice if ISC would have dual licensed bind to make } an exception for the opensource operating systems, but they did not } do that either. } }-- End of excerpt from Christos Zoulas