Firewall Wizards mailing list archives

Re: Does blocking TCP DNS packets keep your Bind safe?


From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 14 Mar 2001 10:17:22 +1100 (EST)

In some email I received from Todd, sie wrote:
> darren, all,
>
> On Wed, 14 Mar 2001, Darren Reed wrote:
> > I think you're taking too hard a line on the ISC there.
> >
> > BIND is written in C and for better or worse, C is *HARD* to program in
> > a secure and safe manner, especially when you have an application as large
> > and complex as BIND is.
> >
> > The only way to run applications, such as BIND, is as non-root and in a
> > chroot'd environment.  BIND makes it rather easy to do this.
> >
> > Maybe sendmail and BIND need to be rewritten in java ? ;)
> >
> > Darren
>
> you're probably right.  but here's my point:  other people (in particular
> dan bernstein) *do* seem to be able to write secure code in C.

I've yet to see anything from mr djb which has even come close to the
complexity and richness of the ISC products (sendmail, named).

But then I'm not afraid of sendmail.cf O:-)

Darren