comp.lang.ada
* BIND is Crying Out for Ada95
@ 2001-02-08 17:33 Warren W. Gay VE3WWG
  2001-02-08 20:35 ` Florian Weimer
  0 siblings, 1 reply; 9+ messages in thread
From: Warren W. Gay VE3WWG @ 2001-02-08 17:33 UTC (permalink / raw)


If someone has the time, here is a perfect chance to put Ada95
into the forefront, with a well written Ada95 version of BIND,
with fewer weekly exploits. It provides an essential service
for just about ALL networked systems today (what an opportunity ;-)

I would take this on myself, but I already have an Ada95 project
that I am trying to finish... see text/href below:

Excerpted from http://lwn.net re BIND vulnerabilities:

... The Berkeley Internet
Name Domain (BIND) server is one of the classic free software success
stories.  It is free software, and plays a crucial role in the operation of
the Internet.  It runs almost every DNS server on the planet; its "market
share" makes Sendmail and Apache look like bit players.

And therein lies the problem.  When a security problem turns up in BIND,
the entire net is immediately vulnerable.  In this respect, the net is a
monoculture.  Imagine the damage that could be done by a malign individual
who is able to find and exploit a new BIND bug.  Given that (1) BIND
bugs seem to turn up regularly, and (2) BIND 9 contains a large
amount of new code, this scenario is a real possibility.  The fact that ISC
plans to create a closed forum for the discussion of BIND security issues
does not add confidence in this area.

Full text at this week's http://lwn.net front page.

-- 
Warren W. Gay VE3WWG
http://members.home.net/ve3wwg




* Re: BIND is Crying Out for Ada95
  2001-02-08 17:33 BIND is Crying Out for Ada95 Warren W. Gay VE3WWG
@ 2001-02-08 20:35 ` Florian Weimer
  2001-02-08 20:50   ` Warren W. Gay VE3WWG
  2001-02-09  9:16   ` Tarjei T. Jensen
  0 siblings, 2 replies; 9+ messages in thread
From: Florian Weimer @ 2001-02-08 20:35 UTC (permalink / raw)


"Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:

> If someone has the time, here is a perfect chance to put Ada95
> into the forefront, with a well written Ada95 version of BIND,
> with fewer weekly exploits. It provides an essential service
> for just about ALL networked systems today (what an opportunity ;-)

Ada wouldn't help here. Even if your DNS name server is more reliable,
DNS will still be subject to all kinds of attacks, because not only
BIND is insecure, the DNS protocol is inadequate, too.




* Re: BIND is Crying Out for Ada95
  2001-02-08 20:35 ` Florian Weimer
@ 2001-02-08 20:50   ` Warren W. Gay VE3WWG
  2001-02-08 21:28     ` Florian Weimer
  2001-02-09  9:16   ` Tarjei T. Jensen
  1 sibling, 1 reply; 9+ messages in thread
From: Warren W. Gay VE3WWG @ 2001-02-08 20:50 UTC (permalink / raw)


Florian Weimer wrote:
> 
> "Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:
> 
> > If someone has the time, here is a perfect chance to put Ada95
> > into the forefront, with a well written Ada95 version of BIND,
> > with fewer weekly exploits. It provides an essential service
> > for just about ALL networked systems today (what an opportunity ;-)
> 
> Ada wouldn't help here. Even if your DNS name server is more reliable,
> DNS will still be subject to all kinds of attacks, because not only
> BIND is insecure, the DNS protocol is inadequate, too.

I disagree. It's not hard to find vulnerabilities like this example:

Vulnerability #5: the "maxdname bug"

Improper handling of certain data copied from the network could allow 
a remote intruder to disrupt the normal operation of your name server, possibly
including a crash. 

I'll bet, if we look at the code, it's related to such things as exceeding
C array bounds and other C-evils.

I'm not saying Ada is a cure-all -- but I think it has a lot to offer
in this area.

-- 
Warren W. Gay VE3WWG
http://members.home.net/ve3wwg
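The kind of bounds checking Warren has in mind, as an added C example that is not BIND's code: a DNS wire-format name decoder that rejects any label, name or compression pointer that would read outside the packet or write outside the output buffer. The limits are the RFC 1035 ones (63-octet labels, 255-octet names); the sample packet is constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define DNS_MAXLABEL 63   /* RFC 1035: a label holds at most 63 octets */
#define DNS_MAXNAME 255   /* RFC 1035: a whole name is at most 255 octets */

/* Decode the wire-format name at pkt[off] into out as dotted text. Returns the
 * offset just past the name, or -1 on malformed input: label or name too long,
 * data past the packet end, output too small, or a compression pointer that
 * does not point strictly backwards (which also rules out pointer loops). */
int dns_decode_name(const uint8_t *pkt, size_t pktlen, size_t off,
                    char *out, size_t outlen)
{
    size_t pos = off, end = 0, name_len = 0, written = 0;
    int jumped = 0;
    if (outlen == 0) return -1;
    for (;;) {
        if (pos >= pktlen) return -1;                /* no length octet left */
        uint8_t len = pkt[pos++];
        if (len == 0) break;                         /* root label ends the name */
        if ((len & 0xC0) == 0xC0) {                  /* 11xxxxxx: pointer */
            if (pos >= pktlen) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | pkt[pos++];
            if (target >= off) return -1;            /* must jump backwards */
            if (!jumped) { end = pos; jumped = 1; }  /* name ends after 1st ptr */
            pos = off = target;                      /* later ptrs go further back */
            continue;
        }
        if (len > DNS_MAXLABEL || pos + len > pktlen) return -1;
        name_len += len + 1;
        if (name_len + 1 > DNS_MAXNAME) return -1;   /* +1 for the root octet */
        if (written + len + 1 >= outlen) return -1;  /* room for '.' and NUL */
        memcpy(out + written, pkt + pos, len);
        written += len;
        out[written++] = '.';
        pos += len;
    }
    out[written] = '\0';
    return (int)(jumped ? end : pos);
}

/* Constructed sample packet: "www.example.com" at offset 0, then "ftp"
 * followed by a compression pointer back to offset 4 ("example.com"). */
static const uint8_t sample_pkt[] = {
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    3,'f','t','p', 0xC0, 0x04 };
```

Decoding sample_pkt at offset 0 yields "www.example.com." and returns 17; at offset 17 it follows the pointer and yields "ftp.example.com.", while an oversized label, a truncated label, a forward pointer or a too-small output buffer all return -1.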




* Re: BIND is Crying Out for Ada95
  2001-02-08 20:50   ` Warren W. Gay VE3WWG
@ 2001-02-08 21:28     ` Florian Weimer
  0 siblings, 0 replies; 9+ messages in thread
From: Florian Weimer @ 2001-02-08 21:28 UTC (permalink / raw)


"Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:

> > Ada wouldn't help here. Even if your DNS name server is more reliable,
> > DNS will still be subject to all kinds of attacks, because not only
> > BIND is insecure, the DNS protocol is inadequate, too.
> 
> I disagree. Its not hard find vulnerabilities like this example:
> 
> Vulnerability #5: the "maxdname bug"

You should choose the TSIG bug. ;-)

Of course, there are a lot of BIND vulnerabilities which could be
avoided by using Ada.  But the DNS protocol itself is vulnerable to a
wide range of attacks, and you can't solve this by implementing the
protocol in Ada (or any other programming language).




* Re: BIND is Crying Out for Ada95
  2001-02-08 20:35 ` Florian Weimer
  2001-02-08 20:50   ` Warren W. Gay VE3WWG
@ 2001-02-09  9:16   ` Tarjei T. Jensen
  2001-02-09 10:43     ` Lutz Donnerhacke
  1 sibling, 1 reply; 9+ messages in thread
From: Tarjei T. Jensen @ 2001-02-09  9:16 UTC (permalink / raw)



Florian Weimer wrote in message <87u264ap6p.fsf@deneb.enyo.de>...
>"Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:
>
>> If someone has the time, here is a perfect chance to put Ada95
>> into the forefront, with a well written Ada95 version of BIND,
>> with fewer weekly exploits. It provides an essential service
>> for just about ALL networked systems today (what an opportunity ;-)
>
>Ada wouldn't help here. Even if your DNS name server is more reliable,
>DNS will still be subject to all kinds of attacks, because not only
>BIND is insecure, the DNS protocol is inadequate, too.

Actually, I think Ada would help because the current bind is a bit bloated and
they may have problems getting a decent structure to the software. With a
modular approach to developing the software, it should be possible to go far.
Especially since Ada has many of the features that are required for this sort of
software.

The nice thing about doing the server is that you can design your own resolver
routines for the clients. That means that the current problems with the
protocol can be fixed. You will of course have to support the old way for quite
some time.

On many modern Unixes the resolver routines query the local nsd services
which again determine whether to send a query to the DNS server or use a cached
result. This means that it is possible to change the query protocol without
requiring the software to be re-compiled.

For an alternative approach to a DNS server you could try
http://cr.yp.to/djbdns.html. DJB is not known for his modesty or diplomatic
language, but he is not exactly stupid. His other software is at
http://cr.yp.to/software.html.


Greetings,

* Re: BIND is Crying Out for Ada95
  2001-02-09  9:16   ` Tarjei T. Jensen
@ 2001-02-09 10:43     ` Lutz Donnerhacke
  2001-02-09 11:47       ` Lutz Donnerhacke
  2001-02-09 13:47       ` Tarjei T. Jensen
  0 siblings, 2 replies; 9+ messages in thread
From: Lutz Donnerhacke @ 2001-02-09 10:43 UTC (permalink / raw)


* Tarjei T. Jensen wrote:
>For an alternative approach to a DNS server you could try
>http://cr.yp.to/djbdns.html. DJB is not known for his modesty or diplomatic
>language, but he is not exactly stupid. His other software is at
>http://cr.yp.to/software.html.

Please do not overestimate djb's views. They are interesting but often not
applicable. For a detailed discussion: Please read the (German language)
thread in de.comp.security.firewall.

Sure, Ada95 might help to prevent buffer overflows, but even Ada95 cannot
create correct code from an incorrect source.

The main problem with DNS is the protocol. And the main problem with UNIX
daemons is the braindead API of syscalls and libraries.




* Re: BIND is Crying Out for Ada95
  2001-02-09 10:43     ` Lutz Donnerhacke
@ 2001-02-09 11:47       ` Lutz Donnerhacke
  2001-02-09 13:47       ` Tarjei T. Jensen
  1 sibling, 0 replies; 9+ messages in thread
From: Lutz Donnerhacke @ 2001-02-09 11:47 UTC (permalink / raw)


* Lutz Donnerhacke wrote:
>The main problem with DNS is the protocol. And the main problem with UNIX
>daemons is the braindead API of syscalls and libraries.

To stress this further I quote something from BUGTRAQ:
  This is apparently caused by a kernel bug: A very short-lived incoming TCP
  connection can cause accept() to return successfully but fail to fill in
  the peer address structure pointed to by the second argument.

Would you catch an exception caused by incorrect data returned by the system?
BIND 9.1.0 died by an assert() call checking these return values (AFAIUTS).
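One way to handle the accept() case Lutz quotes without an assert(): an added C example, not BIND's code, that treats an unfilled peer address as input to validate rather than as an invariant, and closes the connection instead of aborting the daemon. It assumes AF_UNSPEC is zero (true on Linux and the BSDs), so a zeroed structure the kernel left untouched is detectable; check_family_len is a hypothetical helper for exercising the check with constructed addresses.

```c
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return 1 if (ss, len) as filled by accept()/getpeername() is a usable IPv4
 * or IPv6 peer address, 0 otherwise. A length too short to hold the family,
 * a length shorter than the family's struct, and AF_UNSPEC (the zeroed
 * state, assumed to be 0 here) all count as "not filled in". */
int peer_addr_is_valid(const struct sockaddr_storage *ss, socklen_t len)
{
    if (len < (socklen_t)sizeof(sa_family_t)) return 0;
    switch (ss->ss_family) {
    case AF_INET:  return len >= (socklen_t)sizeof(struct sockaddr_in);
    case AF_INET6: return len >= (socklen_t)sizeof(struct sockaddr_in6);
    default:       return 0;
    }
}

/* accept() wrapper that never trusts the peer address blindly. Returns the
 * connected socket, or -1 with errno set. A connection whose peer address
 * cannot be established is closed and reported as EINVAL rather than being
 * handed to the caller (or to an assert). */
int accept_checked(int listen_fd, struct sockaddr_storage *peer, socklen_t *peerlen)
{
    memset(peer, 0, sizeof *peer);    /* AF_UNSPEC == 0: untouched is detectable */
    *peerlen = sizeof *peer;
    int fd = accept(listen_fd, (struct sockaddr *)peer, peerlen);
    if (fd < 0) return -1;
    if (!peer_addr_is_valid(peer, *peerlen)) {
        /* Ask the kernel again; if the peer is already gone this fails too. */
        *peerlen = sizeof *peer;
        if (getpeername(fd, (struct sockaddr *)peer, peerlen) < 0 ||
            !peer_addr_is_valid(peer, *peerlen)) {
            close(fd);
            errno = EINVAL;
            return -1;
        }
    }
    return fd;
}

/* Hypothetical helper: run the check on a constructed, otherwise zeroed
 * address of the given family with the given reported length. */
int check_family_len(int family, socklen_t len)
{
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_family = (sa_family_t)family;
    return peer_addr_is_valid(&ss, len);
}
```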






* Re: BIND is Crying Out for Ada95
  2001-02-09 10:43     ` Lutz Donnerhacke
  2001-02-09 11:47       ` Lutz Donnerhacke
@ 2001-02-09 13:47       ` Tarjei T. Jensen
  2001-02-09 16:04         ` Lutz Donnerhacke
  1 sibling, 1 reply; 9+ messages in thread
From: Tarjei T. Jensen @ 2001-02-09 13:47 UTC (permalink / raw)



Lutz Donnerhacke wrote
>Sure, Ada95 might help to prevent buffer overflows, but even Ada95 cannot
>create correct code from an incorrect source.

The point is of course to write something new from scratch and take advantage
of Ada.

>The main problem with DNS is the protocol. And the main problem with UNIX
>daemons is the braindead API of syscalls and libraries.

Workarounds exist.


Greetings,

* Re: BIND is Crying Out for Ada95
  2001-02-09 13:47       ` Tarjei T. Jensen
@ 2001-02-09 16:04         ` Lutz Donnerhacke
  0 siblings, 0 replies; 9+ messages in thread
From: Lutz Donnerhacke @ 2001-02-09 16:04 UTC (permalink / raw)


* Tarjei T. Jensen wrote:
>Lutz Donnerhacke wrote
>>Sure, Ada95 might help to prevent buffer overflows, but even Ada95 cannot
>>create correct code from an incorrect source.
>
>The point is of course to write something new from scratch and take advantage
>of Ada.

That's what I'm doing these days. Unfortunately I have to invent a more
flexible data representation language first.

>>The main problem with DNS is the protocol. And the main problem with UNIX
>>daemons is the braindead API of syscalls and libraries.
>
>Workarounds exist.

Workarounds are never a solution.



