Re: Linux Worm (fwd)

Jeremy Jackson (jerj@coplanar.net)
Fri, 23 Mar 2001 14:08:21 -0500


Dax Kelson wrote:

> Gerhard Mack said once upon a time (Fri, 23 Mar 2001):
>
> > On Fri, 23 Mar 2001, Bob Lorenzini wrote:
> >
> > > I'm annoyed when persons post virus alerts to unrelated lists but this
> > > is a serious threat. If you're offended, flame away.
> >
> > This should be a wake up call... distributions need to stop using products
> > with consistently bad security records.
>
> This TSIG bug in BIND 8 that is being exploited was added to BIND 8 by the
> same team who wrote BIND 9.
>
> In fact the last two major remote root compromises (TSIG and NXT) for BIND
> 8 were in code added to BIND 8 by the BIND 9 developers.

You could say new code in general causes security holes... don't fix it
and you won't break it. There is the security principle of least privilege
though...
RH7 (and earlier I think) run bind so that it drops root and runs as user
named after opening a listening socket, so I don't think a bind
compromise could retrieve the /etc/shadow file and modify system binaries...
and RH7.1(beta) will use capabilities to further restrict privileges given to
bind(v9) (not root ever).
