Re: BIND bugs of the month

[djb () CR YP TO (D. J. Bernstein)]

A sniffing attacker can easily forge responses to your DNS requests. He
can steal your outgoing mail, for example, and intercept your ``secure''
web transactions. This is obviously a problem.

We know how to solve this problem with cryptographic techniques. DNSSEC
has InterNIC digitally sign all DNS records, usually through a chain of
intermediate authorities. Attackers can't forge the signatures.

Of course, this system still allows InterNIC to steal your outgoing
mail, and intercept your ``secure'' web transactions. We know how to
solve this problem too. The solution is simpler and faster than DNSSEC,
though it only works for long domain names: use cryptographic signature
key hashes as domain names.

But all this cryptographic work accomplishes _nothing_ if the servers
are subject to buffer overflows! An attacker doesn't have to bother
guessing or sniffing query times and IDs, and forging DNS responses,
if he can simply take over the DNS server.

This NXT buffer overflow isn't part of some old code that Paul Vixie
inherited from careless graduate students. It's new code. It's part of
BIND's DNSSEC implementation. I don't find the irony amusing. Obviously
ISC's auditing is inadequate.

Does anyone seriously believe that the current BIND code is secure? If
it isn't, adding DNSSEC to it doesn't help anybody. Is ISC going to
rewrite the client and server in a way that gives us confidence in
their security?

David R. Conrad writes:
> In addition, we recommend running your nameserver as non-root and
> chrooted (I know setting this up is non-trivial -- it'll be much, much
> easier in BINDv9).

``I wouldn't consider installing named any other way,'' I told Vixie in
September 1996. He didn't respond. Of course, DNSSEC is equally useless
either way; the only question is whether an attacker can also take over
the rest of the machine.

---Dan