
Re: _DNS_ security problems
I'll start by saying that you've not confused me.  On alternate readings it
seemed to me that you switched viewpoints and now agree with me.  But in
true email style, I won't let that stop me arguing with you. :)

>Are you saying that the folks working on sendmail are _not_ responsible 
>for knowing the implications of using syslog?  Eric scheduled and 
>deployed a fix - the java team has apparently scheduled one.

No, whoever uses syslog should know its limitations.  Knowing C and knowing
the API, when I decided to use syslog in INN I knew that I could never
blindly allow "%s" with arbitrary user input -- its length must be
constrained.  It is unfortunate that sendmail (and others) *did* make the
mistake.  It's sad that Eric Allman had to do a sendmail patch since Eric
wrote the original syslog.

This reasoning carries over exactly to Java and its use of DNS.  If Java
uses DNS, then it is responsible for knowing what DNS does, and doesn't
provide.  A language implementation is not very safe if it blindly trusts
gethostbyaddr() to ensure that outgoing connections can only be made to
the incoming host.

>Again, DNS should be made safer.

Undoubtedly.  But that's not the point.  The point is that right now its
safety/security is minimal, and pretending otherwise is a bad idea.

>for both name server hardware and application programmers (who can't be 
>guaranteed to be knowledgeable about all things),

But if a language implementation is making security guarantees, then it
borders on dishonesty to not understand the implications of what they are
building into their trusted computing base.

Particularly DNS.  Particularly after Mitnick's hacks.

	/r$
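The check that a blind gethostbyaddr() trust lacks is a forward-confirmed reverse lookup: resolve the peer's name, then resolve that name back and require the original address among the results. This is an added C example of mine, not code from the thread or from any of the implementations discussed; the sample addresses are constructed from the 192.0.2.0/24 documentation range.

```c
#define _POSIX_C_SOURCE 200112L
#include <string.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Offline core: does the peer address appear among the addresses that the
 * reverse-resolved name forward-resolves to?  Returns 1 on a match, else 0. */
int fcrdns_match(const char *peer_ip, const char *const *forward_ips, size_t n)
{
    struct in_addr peer, cand;
    size_t i;
    if (inet_pton(AF_INET, peer_ip, &peer) != 1)
        return 0;                       /* unparsable peer: treat as unconfirmed */
    for (i = 0; i < n; i++)
        if (inet_pton(AF_INET, forward_ips[i], &cand) == 1 &&
            cand.s_addr == peer.s_addr)
            return 1;
    return 0;
}

/* Constructed fixture: what a forward lookup of the reverse name might return. */
static const char *const kForward[] = { "192.0.2.10", "192.0.2.11" };
static const size_t kForwardLen = 2;

/* Live version: reverse-resolve the peer, then forward-resolve that name and
 * require the peer address to be among the results.  Any failure -> 0. */
int fcrdns_confirm(const char *peer_ip)
{
    struct sockaddr_in sa;
    struct addrinfo hints, *res, *p;
    char host[1025];                    /* room for a maximal host name plus NUL */
    int ok = 0;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, peer_ip, &sa.sin_addr) != 1)
        return 0;
    if (getnameinfo((struct sockaddr *)&sa, sizeof sa, host, sizeof host,
                    NULL, 0, NI_NAMEREQD) != 0)
        return 0;                       /* no PTR record: unconfirmed */
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return 0;
    for (p = res; p != NULL; p = p->ai_next)
        if (((struct sockaddr_in *)p->ai_addr)->sin_addr.s_addr == sa.sin_addr.s_addr)
            ok = 1;
    freeaddrinfo(res);
    return ok;
}
```

fcrdns_confirm() touches the network; fcrdns_match() is the same decision on already-resolved data so it can be exercised offline.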

