BIND 10 #3114: Too large number crashes BIND 10 and stops it from being restarted
BIND 10 Development
do-not-reply at isc.org
Fri Aug 30 09:39:55 UTC 2013
#3114: Too large number crashes BIND 10 and stops it from being restarted
--------------------------------+-----------------------------------------
Reporter: cas | Owner:
Type: defect | Status: new
Priority: high | Milestone: New Tasks
Component: cmd-ctl | Resolution:
Keywords: | CVSS Scoring:
Sensitive: 0 | Defect Severity: N/A
Sub-Project: Core | Feature Depending on Ticket:
Estimated Difficulty: 0 | Add Hours to Ticket: 0
Total Hours: 0 | Internal?: 0
--------------------------------+-----------------------------------------
Comment (by cas):
Sending "Init Shutdown" is a task that admins willingly enter. A admin
does not enter that by accident. Entering a too large number can happen by
accident (it happen in the last BIND 10 training, esp. as it is difficult
to find information about the accepted number range. "config show" says
"integer", but not if a 16bit, 32bit, 64bit ... integer).
Such an accident by the (authenticated admin) should not result in a full
loss of service.
Compared with BIND 9, entering a wrong configuration parameter in
"named.conf" would result in "named" refusing to load the new config, but
the process would continue to run with the old config. Also with BIND 9,
the Admin has the chance to run "named-checkconf" to verify the config
before reloading. In BIND 10, this is not possible. The BIND 10 cmdctl
should validate all external data, including data entered by the admin.
Only valid input should be accepted and stored into the config database.
Internal Security / Safety is as important as external Security.
--
Ticket URL: <http://bind10.isc.org/ticket/3114#comment:4>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list