Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bind 4 and 8 Vulnerabilities

Posted by michael on from the who-uses-BIND4-anymore dept.

eecue writes "The world's most popular DNS package is once again vulnerable. Even the advisory says it's only a matter of time before worms are written.... just like a couple years ago. I guess this is why i run tinydns."

3 of 402 comments (clear)

  1. BIND 9 by the+eric+conspiracy · · Score: 1, Redundant

    And I guess this is why I run BIND 9...

  2. It serves any idiot right... by Wakko+Warner · · Score: 0, Redundant

    ...who runs BIND as "root" and doesn't jail it.

    - A.P.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  3. why I avoid djb code by Anonymous Coward · · Score: 0, Redundant
    I am sorry this will sound like a djb flame. But I truly believe that people should understand what they get into when they enter into the djb world. Mod me down as flamebait ... but I believe that what I speak is the truth.
    1. djb has too much control over the code he distributes

      djb's license leaves a lot to be desired See the linuxmafia djb FAQ for details.

      That site goes into much more extensive detail and says it better than I can here.

    2. djb code is written in a very poor style.

      It is as if djb thinks white space is a non-renewable resource.

      HINT: Strange code style makes it harder to review for correctness.

      PROBLEM: Bind is no great pile of wonderful code either.

    3. djb ego can be a problem

      If you ever have the unfortunate situation of disagreeing with djb, you know what I mean. Find a flaw and djb will argue with you until you give up in disgust.

      Yes: tinydns has flaws, but djb will argue that his code is the way things should work and it is the other hosts that have problems.

      HINT: What good is it to offer a reward for finding a bug when all you get is an argument in return?

      I'll refer you back to his distribution controlling licenses for another example.

      And if you EVER invent an algorithm, implement an idea, distribute code that djb things was his original idea ... well the EMail that you get from him is nothing short of amazing.

      HINT: If you are not willing to be an djb-acolyte, then you might as well forget it.

    4. djb is too quick to pull out the lawyers

      It seems that ever since his US DoJ lawsuit, djb feels free to wield his lawyer stick to anyone who dares editorialize on his activity. I see that the linuxmafia folks have encounters his legalistic zeal as well.

    dbj: You demonstrate that you have the ability to contribute to others very well. I only wish you were less controlling, open to constructive comments and easier to collaborate with ... you and others would benefit from a more gentle and less caustic approach to dealing with others.