[dns-operations] "freeware is a recipe for problems"

Florian Weimer fw at deneb.enyo.de
Thu Sep 24 18:18:46 UTC 2009


* Douglas Otis:

> There is a fair amount of effort attempting to make it more difficult
> for bad actors, once they find a means to escalate user privilege, to
> then locate code locations by things like ALSR (Address Space Layout
> Randomization).

This reference to ASLR is extremely odd in a DNS context.  At best,
ASLR turns code execution exploits into server crashes.  Does this
help?  In the DNS context, not that much.

> Maybe they are right. Perhaps it is better to not know what is lurking
> within a proprietary OS.

But that ship has sailed.  How many ISPs still run their DNS servers
on operating systems for which source code is not widely available?



More information about the dns-operations mailing list