Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 23 Mar 2001 14:15:51 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 23 Mar 2001 14:15:44 -0500 Received: from tomts7.bellnexxia.net ([209.226.175.40]:19880 "EHLO tomts7-srv.bellnexxia.net") by vger.kernel.org with ESMTP id ; Fri, 23 Mar 2001 14:15:34 -0500 Message-ID: <3ABB9F25.9FF61FF8@coplanar.net> Date: Fri, 23 Mar 2001 14:08:21 -0500 From: Jeremy Jackson X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i586) X-Accept-Language: en MIME-Version: 1.0 To: Dax Kelson CC: Gerhard Mack , Bob Lorenzini , linux-kernel@vger.kernel.org Subject: Re: Linux Worm (fwd) In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Dax Kelson wrote: > Gerhard Mack said once upon a time (Fri, 23 Mar 2001): > > > On Fri, 23 Mar 2001, Bob Lorenzini wrote: > > > > > I'm annoyed when persons post virus alerts to unrelated lists but this > > > is a serious threat. If your offended flame away. > > > > This should be a wake up call... distributions need to stop using product > > with consistently bad security records. > > This TSIG bug in BIND 8 that is being exploited was added to BIND 8 by the > same team who wrote BIND 9. > > In fact the last two major remote root compromises (TSIG and NXT) for BIND > 8 was in code added to BIND 8 by the BIND 9 developers. You could say new code in general causes security holes... don't fix it and you won't break it. There is the security principle of least privilege though... RH7 (and earlier I think) run bind drops root and runs as user named after opening a listening socket, so I don't think a bind compromise could retrieve the /etc/shadow file and modify system binaries... and RH7.1(beta) will use capabilities to furthur restrict privileges given to bind(v9). (not root ever) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/