nanog mailing list archives

Re: New addresses for b.root-servers.net


From: William Herrin <bill () herrin us>
Date: Wed, 7 Jun 2023 09:30:36 -0700

On Wed, Jun 7, 2023 at 8:41 AM Izaac <izaac () setec org> wrote:
On Sun, Jun 04, 2023 at 01:19:18PM -0700, William Herrin wrote:
IP address is hard-coded in Bind which will use it by default unless
configured not to.

It is not "hard coded."  It is a default configuration. You can change
it.  You are *supposed* to change it.

Data embedded in the binary is hard-coded. That's what hard-coded
means. If it makes you happier I'll qualify it as a "hard-coded
default," to differentiate it from settings the operator can't
override with configuration.

It's an instance of https://cwe.mitre.org/data/definitions/344.html
and you can see a similar sort of error in play in
https://cwe.mitre.org/data/definitions/798.html


First, you have completely ignored the argument: THERE IS NO FLAW IN
COMPUTATIONAL LOGIC.  There is no vulnerability.

A quick search of https://cve.mitre.org/cve/search_cve_list.html shows
between 600 and 3700 CVEs related to default configurations that are
either directly insecure or unexpectedly become insecure when some but
not all of the defaults are changed by the operator. The vast majority
of these CVEs exhibit, as you say, no flaw in the computational logic.

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/

