Dan, > This NXT buffer overflow isn't part of some old code that Paul Vixie > inherited from careless graduate students. It's new code. Actually, most of the code is derived from a prototype DNSSEC implementation done by John Gilmore and TIS quite a while back. TIS (sorry, Network Associates) contributed the revised implementation for the 8.2 release. > Obviously ISC's auditing is inadequate. For BINDv8, yes, it obviously was. > Is ISC going to > rewrite the client and server in a way that gives us confidence in > their security? BIND version 9 is a complete rewrite with an attempt to focus on compartmentalization and auditability of the code. Regards, -drc
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:12:16 PDT