Re: [suse-security] CERT Advisory CA-2001-02 Multiple Vulnerabilities in BIND (fwd)
use bind 9 with --disable-threads. Design decisions of the ext2 filesystem prohibit the use of Linux on systems that need some level of integrity.
Hm. Could you elaborate please?
Some time ago a couple of lawyers I would call friends put together a 200 page document about the BSD vs. GPL vs. DJB licences, probably I could dig it out.
Yes please!! Volker
On 31 Jan 2001, at 11:45, Volker Kuhlmann wrote:
Hm. Could you elaborate please?
Hi, what I could dig out in short time follows:
setup a linux mail server (a stock redhat install is enouth) and feed it with one or more client which sends mail as fast as they can (you can use the small program attached for this, it's best to change it to just print a sequence number). let it run this way for 10-20s and hit the reset button. The server will not come back up without a fsck -y and mail will be lost (just count how many were sent and how many are in the destination mailbox)
I think anybody with a little filesystem knowledge can do the analysis: fsync() doesn't behave properly on linux. This is not a bug but a design desision (at last it's what the ext2 developers says): no write ordering, which means you don't have up-to-date metadata when the data gets flushed.
HTH mike
participants (2)
-
Thomas Michael Wanka -
Volker Kuhlmann