8.2.3 on sunspar(solaris7)

Fri Mar 23 11:03:59 UTC 2001

Right now I'm running 8.2.3 in a testlab.

Considering the fact that about every week a new release of 9 is available,
and changes are a PITA, we prolly will go for 8.2.3

Security is a must after all.

IMHO wouldn't it be wise to run release candidates in a high availability
demanding environment.

Kind regards,

Gody Keijzer.

-----Original Message-----
From: Jimi Thompson [mailto:JIMIT at prodigy.net]
Sent: Thursday, March 22, 2001 1:56 AM
To: HAG.Keijzer at mindef.nl
Subject: Re: 8.2.3 on sunspar(solaris7)

I would suggest building version 9 for yourself immediately.  We run it on
Solaris here and it works fine.  However, we built it from source code.
Version 9 contains several security enhancements over all of the version
8's.

If you visit BIND's site at http://www.isc.org/products/BIND/, it states
that "BIND version 9 is a major rewrite of nearly all aspects of the
underlying BIND architecture. Some of the important features of BIND 9 are:
" and goes on to list the improvements out.

In a high security environment like the military or defense contractor, one
must stay extremely current in order to prevent a security breach.  What Sun
isn't telling you is that the version of BIND they are shipping you and the
one that you are using is subject to buffer overruns that yield root access.

<HAG.Keijzer at mindef.nl> wrote in message news:98sqsi$ppv at pub3.rc.vix.com...
>
> Sun said there were 5 known vulnerabilities on 8.1.2
>
> and they 'claim' that the 4 severe ones have been fixed.
> only one was still open, and they were working on it.
>
> It's been quite some time since I worked with Solaris again, but I have to
> say I'm major disappointed in the way they maintain their bind releases.
> I guess it will be shadowing the current DNS with a 8.2.3 implementation
for
> a couple of month, and slowly transfer clients.
>
> Thank god i'm not the content maintainer of DNS.
>
> Kind regards,
>
> Gody Keijzer.
>
> -----Original Message-----
> From: Brad Knowles [mailto:brad.knowles at skynet.be]
> Sent: Friday, March 16, 2001 10:20 AM
> To: HAG.Keijzer at mindef.nl; benglur at hotmail.com; bind-users at isc.org
> Subject: RE: 8.2.3 on sunspar(solaris7)
>
>
> At 10:02 AM +0100 3/16/01, HAG.Keijzer at mindef.nl wrote:
>
> >  I did download bind8.2.3 at www.sunfreeware.com, and it seemed to work
> fine.
> >
> >  However, considering the demands at the current client (dutch army) I'm
> not
> >  sure if they want to use a PD version.
>
> Seeing as there are security holes in the version Sun ships, and
> the only way to get a more secure version is to either download the
> source yourself from the ISC site and build it, or trust the binaries
> built for you on the SunFreeware site, your choices are pretty
> limited.
>
> Are you going to be secure or not?  If so, then you ignore what
> Sun gives you.
>
> --
> Brad Knowles, <brad.knowles at skynet.be>
>
> #!/usr/bin/perl -w
> # 531-byte qrpff-fast, Keith Winstein and Marc Horowitz
> <sipb-iap-dvd at mit.edu>
> # MPEG 2 PS VOB file on stdin -> descrambled output on stdout
> # arguments: title key bytes in least to most-significant order
> # Usage:
> # qrpff 153 2 8 105 225 /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 |
mpeg2_dec -
>
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c
> ^=(
>
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72, at z=(64,72,$a^=12*($_%
> 16
> -2?0:$m&17)),$b^=$_%64?12:0, at z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48)
{$
> h
>
=5;$_=unxb24,join"", at b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
>
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
> $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
> (($h>>=8)+=$f+(~$g&$t))for at a[128..$#a]}print+x"C*", at a}';s/x/pack+/g;eval
>
>