Re: BIND bugs of the month (fwd)

[cyarnell () WWIV COM (Chris Yarnell)]

---------- Forwarded message ----------
Date: Sat, 13 Nov 1999 21:11:54 -0800
From: Paul A Vixie <vixie () mibh net>
Subject: Re: BIND bugs of the month (fwd)

please forward since i'm not on bugtraq

> Date: Sat, 13 Nov 1999 01:14:24 -0000
> From: D. J. Bernstein <djb () CR YP TO>
> To: BUGTRAQ () SECURITYFOCUS COM
> Subject: Re: BIND bugs of the month
>
> ...
> But all this cryptographic work accomplishes _nothing_ if the servers
> are subject to buffer overflows! An attacker doesn't have to bother
> guessing or sniffing query times and IDs, and forging DNS responses,
> if he can simply take over the DNS server.

yes.  see the proceedings of the fifth usenix security symposium for
further evidence of this, and evidence that i agreed with this view even
several years ago, well before the current events.

> This NXT buffer overflow isn't part of some old code that Paul Vixie
> inherited from careless graduate students. It's new code. It's part of
> BIND's DNSSEC implementation. I don't find the irony amusing. Obviously
> ISC's auditing is inadequate.

at times, yes it is.

> Does anyone seriously believe that the current BIND code is secure? If
> it isn't, adding DNSSEC to it doesn't help anybody. Is ISC going to
> rewrite the client and server in a way that gives us confidence in
> their security?

yes, this has been done over the past 18 months.  the result is BIND 9.
and yes, it's all new code, and yes, it's been audited, and yes, it's
designed to be audited, and yes, things like the NXT bug are the reason.

> David R. Conrad writes:
> > In addition, we recommend running your nameserver as non-root and
> > chrooted (I know setting this up is non-trivial -- it'll be much, much
> > easier in BINDv9).
>
> ``I wouldn't consider installing named any other way,'' I told Vixie in
> September 1996. He didn't respond. Of course, DNSSEC is equally useless
> either way; the only question is whether an attacker can also take over
> the rest of the machine.

when i saw the linux chroot("../../../../../../../..") hole i about fell
out of my chair.  truly no place is safe any more.