From: "Warren W. Gay VE3WWG" <ve3wwg@home.com>
Subject: Re: BIND is Crying Out for Ada95
Date: Thu, 08 Feb 2001 20:50:22 GMT
Date: 2001-02-08T20:50:22+00:00 [thread overview]
Message-ID: <3A830648.FDB619EA@home.com> (raw)
In-Reply-To: 87u264ap6p.fsf@deneb.enyo.de
Florian Weimer wrote:
>
> "Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:
>
> > If someone has the time, here is a perfect chance to put Ada95
> > into the forefront, with a well written Ada95 version of BIND,
> > with fewer weekly exploits. It provides an essential service
> > for just about ALL networked systems today (what an opportunity ;-)
>
> Ada wouldn't help here. Even if your DNS name server is more reliable,
> DNS will still be subject to all kinds of attacks, because not only
> BIND is insecure, the DNS protocol is inadequate, too.
I disagree. Its not hard find vulnerabilities like this example:
Vulnerability #5: the "maxdname bug"
Improper handling of certain data copied from the network could allow
a remote intruder to disrupt the normal operation of your name server, possibly
including a crash.
I'll bet, if we look at the code, its related to such things as exceeding
C array bounds and other C-evils.
I'm not saying Ada is a cure-all -- but I think it has a lot to offer
in this area.
--
Warren W. Gay VE3WWG
http://members.home.net/ve3wwg
next prev parent reply other threads:[~2001-02-08 20:50 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-02-08 17:33 BIND is Crying Out for Ada95 Warren W. Gay VE3WWG
2001-02-08 20:35 ` Florian Weimer
2001-02-08 20:50 ` Warren W. Gay VE3WWG [this message]
2001-02-08 21:28 ` Florian Weimer
2001-02-09 9:16 ` Tarjei T. Jensen
2001-02-09 10:43 ` Lutz Donnerhacke
2001-02-09 11:47 ` Lutz Donnerhacke
2001-02-09 13:47 ` Tarjei T. Jensen
2001-02-09 16:04 ` Lutz Donnerhacke
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox