In a previous thread we hinted at problems with the "nsd" service on Irix 6.5 - it uses NFS for internal communication, giving plenty of potential exploit material... Indeed, it turns out that the Irix 6.5.3 overlays contain some "fixes" for this... As usual, we have some good news and some bad news: The Bad News: The 6.5.3 overlays make no visible difference to the operation of nsd. i.e. UDP ports are still open all over the place, so the "fixes" are presumably of the internal access contol type. The Good News: If you have full source for your application, you can bypass the Irix resolver libraries altogether and use bind instead. Simply build/install bind-8.1.2, tweak your application's cc flags with something like "-L /usr/local/bind/lib -l bind" and rebuild at gas mark 2 for 12 minutes. cheers, Adam -- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adamat_private UNITED KINGDOM PGP key on keyservers
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:17 PDT