Firewall Wizards mailing list archives

Re: securing bind


From: Ken Hardy <ken () bridge com>
Date: Thu, 18 Nov 1999 10:29:09 -0600 (CST)

It's obvious that we'll never see the end of stack overrun
attacks until overrunning the stack doesn't get you anywhere.
IMHO something like StackGuard should be a standard option on
*all* compilers, and all exposed services like DNS should be
compiled with it enabled.  Make that every bit of code (incl.
kernel?) running on a firewall.

It's not a cure-all for bad coding, but it does disable the
hackers' favorite attack automatically w/o any application code
review and patching.  Well, not completely disable, but it will
turn a root compromise into a DOS (program abends on stack
overrun).

See http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard.
I'd be interested in knowledgeable comments about how reliable
and comprehensive this approach to the stack overrun problem
is, though it's probably beyond the charter of this list.

Alternatively (and higher performance?) Solaris 2 has a kernel
parameter that can be set to make the stack non-executable.
The documentation I've seen warns that some programs depend on
self-modifying code on the stack but says that that may not be
an issue for many limited-use dedicated servers.  Anyone try
this when running any popular firewall products???

--
KH


On Wed, 17 Nov 1999, Craig H. Rowland wrote:

Can anyone point me to a good document, how I can secure bind? I searched
the web, but couldn't find anything useful.

This is kind of a vague question depending on what you mean by securing
BIND. The first thing you should do is chroot() it though (IMHO). I wrote
some documents a while back that explain how to do this for version 8.x:

http://www.psionic.com/papers/dns

Adam Shostack has instructions for BIND 4.x on Solaris too:

http://www.homeport.org/~adam/dns.html

-- Craig






