Debian/Ubuntu: Why was the service renamed from bind9 to named?
Fred Morris
m3047 at m3047.net
Thu Jul 23 15:13:52 UTC 2020
On Thu, 23 Jul 2020, charlie derr wrote:
> On 7/23/20 9:49 AM, Michael De Roover wrote:
>> [...]
>> For this to work at all though, they'd have to provide all packages
>> simply as source code (why not use the distribution's own source
>> repositories?) and compile it on the target.
> [...]
> While it would still *technically* be security by obscurity, it would
> seem to me that there's some value to this approach because access to
> the compiled binary wouldn't necessarily be easy to obtain (especially
> if the sysadmin provisioning the system takes extra efforts to *not*
> share it with anyone). Or am i missing something?
They actually run a very large build farm in AWS, and they claim that all
binaries are made just for you. Basically you change your distro's package
repositories to theirs. Preventing people from examining the binaries in
order to craft working memory exploits which work across a large installed
base is exactly what they're aiming to prevent.
Disclosure: I've heckled their CTO in a friendly fashion for making better
idiots, but I paid for my own Old Fashioned.
--
Fred Morris
More information about the bind-users
mailing list