Full Disclosure mailing list archives

Fwd: PATCH to BIND-8.2.3 to get rid of the, unnecessary, and potentially dangerous fchown() calls


From: martin f krafft <madduck () madduck net>
Date: Fri, 6 Jun 2003 12:22:22 +0200

This just came in. It seems like a virus, if you ask me, there was
a file application/ms-download attached, named photo.exe. My virus
scanners did not detect anything, but since I haven't seen this
before, I thought I'd let you know.

Original attachment attached as encrypted ZIP file with p/w
'dangerous' (no quotes).

have fun.

----- Forwarded message from woods () ciudad com ar -----

[[ note this posting is CC'ed to BUGTRAQ.  I know of no current exploits
in BIND-8.2.3, but even so since I'm also enclosing a fix there may be
quite a few people who might want to be able to fix their own versions. ]]

The so-called "support" fix in change 999 of BIND-8.2.3 introduces some
unnecessary, and potentially very dangerous fchown() calls to named.

The worst one is the one that leaves the pid-file writable by the
supposedly 

----- End forwarded message -----

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
 
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
 
"i doubt larry wall ever uses strict."
                                                   -- frederick heckel

Attachment: attach.zip

Attachment: _bin