question about "Assertion Failure" in BIND

Mark Andrews marka at isc.org
Thu Mar 7 22:19:46 UTC 2019 


> On 7 Mar 2019, at 9:36 pm, 徐明杰 <xumingjie at iie.ac.cn> wrote:
> 
> Hello all, I have some questions about "Assertion Failure" in BIND. 
> Most of the security advisories report that the security bugs can result in a assertion failure. I'm not familiar with event-driven programming paradigm, so I' not sure if every assertion failure can cause BIND to crash and is there any mechanism in BIND that can just drop the event which triggers an assertion failure and move on to other events?

An assertion failure is when a expected condition required for continued operation is tested for and is not met.  A controlled exit from the program is then performed.  We do this in such a manner that a deliberate core dump is attempted to be produced for diagnostic purposes.

An assertion failure is always due logic failure.  It is never safe to continue when the program is in a unexpected state.  One needs to examine the logic that lead up to the assertion and correct it.  Sometimes the correction is actually removing the assertion.  Sometimes it is fixing the assertion expression. Sometimes it is turning the assertion into a conditional expression.  Sometimes it is fixing some other part of the code.  Usually the cause is nearby in the code or the immediate callers to that code.

An assertion failure in named is almost always has a score of 7.5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which requires us to issue a advisory according to our policy. Even running it in a environment where it is automatically restarted only drops this to a score of 5.3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L which is also above our threshold for a advisory and we have no way of knowing if named is running in such a environment.

That said I’d much rather have 100’s of CVE’s for assertion failures than one for remote execution.  Named has over 12000 places where it performs some assertion check.  We don’t assume.  We check.

Running named from a nanny program that will restart it is useful.  Some OS’s come with such programs already installed.  e.g. launchd and Windows Services manager.

If you have a assertion failure in named report it to security at isc.org.

Mark

> Thanks.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list