Re: Unexecutable Stack / Buffer Overflow Exploits...

Horst von Brand (vonbrand@pincoya.inf.utfsm.cl)
Thu, 30 Dec 1999 12:03:16 -0300


"Homme R. Bitter" <homme@vuurwerk.nl> said:
> On Wed, 29 Dec 1999, Horst von Brand wrote:
> > And note that the latest round of attacks against Solaris bind (I never run
> > stock distribution servers as a policy matter, they usually lag _way_
> > behind in security) gave me a _huge_ /var/adm/messages, full of messages
> > from bind that was being bombarded with many thousands of weird requests.
> > Installing nonexecutable stack would have given me a whole bunch of nice
> > core files, and a nameserver that did not work for more than a couple of
> > seconds at a time. That isn't exactly "security" in my book.

> Solaris != linux

But the problem would stay exactly the same with an outdated (or just not
updated) Linux distribution.

> The openwall/Solar Designer patch works with bind.

I didn't say it doesn't. Just that I prefer to get a bind that is immune to
this kind of attack rather than cores all over the place and a bind that
doesn't work because it is being probed from all over the planet.

> Try it out on a non production box and see if you can break it, then start
> comparing those results with an unmodified linux kernel.

Linus stated it _won't_ go into the kernel, because it just papers over
bugs in userland code, and buys very little (if any) extra security, and
moreover breaks legitimate programs. He outlined ways to use stack
overflows even in this case, and to think crackers won't be able to use
them just because they are harder to get right (note that those attacks
will also work on unpatched systems) is a delusion. A dangerous one.

-- 
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/