oss-sec mailing list archives

Re: Root name server changes -> bind

From: Mark J Cox <mjc () redhat com>
Date: Thu, 22 May 2008 08:15:45 +0100 (BST)

#3: Second solution, and the better one that is harder to implement I
imagine, is to care a lot less about where it is contacting and care a lot
more about the information it is receiving. Digital signatures, MD5 hashes
(where would it get those from though) or some other form of validation of
the content it receives would help reduce risk significantly.

This is what I bet most of the vendors represented here do; for examplethe Red Hat Network client 1) contacts the server at Red Hat over SSL, 2)verifies that the certificate of the site it's connecting to was issued bya CA hardcoded into the distro, 3) will only install packages withoutprompting that are digitally signed by a previously-imported public key.

If any one of those mechanisms failed I would expect it to generate a CVE(even though the security of the system as a whole isn't broken unless all

of them break together).

This sort of update mechanism isn't that difficult to implement. Soshould you give a CVE to an update mechanism that fails to implement asecure update process? absolutely.


Mark

Current thread:

Root name server changes -> bind Marcus Meissner (May 21)
- Re: Root name server changes -> bind Jonathan Smith (May 21)
  - Re: Root name server changes -> bind Florian Weimer (May 22)
    - Re: Root name server changes -> bind Jonathan Smith (May 22)
    - Re: Root name server changes -> bind Florian Weimer (May 22)
- Re: Root name server changes -> bind Steven M. Christey (May 21)
  - Re: Root name server changes -> bind security curmudgeon (May 21)
    - Re: Root name server changes -> bind Mark J Cox (May 22)
- Re: Root name server changes -> bind Thijs Kinkhorst (May 22)
  - Re: Root name server changes -> bind Marcus Meissner (May 23)