North American Network Operators Group

Re: OT: Re: WANAL (Re: What could have been done differently?)

  • From: Paul Vixie
  • Date: Tue Jan 28 14:01:38 2003

> What do you think of OpenBSD still installing BIND4 as part of the
> default base system and recommended as secure by the OpenBSD FAQ?
> (See Section 6.8.3 in <http://www.openbsd.org/faq/faq6.html#DNS> )

i think that bind4 was relatively easy for them to do a format string
audit on, and that bind9 was comparatively huge, and that their caution
is justified based on bind4/bind8's record in CERT advisories, and that
for feature level reasons they will move to bind9 as soon as they can
complete a security audit on the code.  (although in this case ISC and
others have already completed such an audit, another pass never hurts.)