[Bloat] bind vulnerability patched in cerowrt tree

Dave Taht dave.taht at gmail.com
Thu Nov 17 10:55:33 EST 2011


1) There is a fairly gnarly bind9 bug going around.

http://isc.sans.edu/diary.html?storyid=12049&rss

Regrettably I'm not in a position to make binaries for the latest smoketest.

However updated sources are in the ceropackages repository. For those of you
doing your own builds, that would be something like

cd your_ceropackages_repo
git pull
cd ../your_cerowrt_dir
./scripts/feeds update cero
make package/bind-latest-server/{clean,compile,install}

2) In fact, I was just about to abandon the rc7-smoketest series entirely.

... and go to rc8. 'rc' is getting to be a misnomer...

A core goal was to get to where debloat-testing and cerowrt were
basically the same kernel, and to stay within 2 kernel revision cycles.
We've slipped past that.

rc8 has a pile O patches in it, notably linux 3.1.1, a new dropbear,
portions of debloat-testing, another packet scheduler, a fix (I hope!)
for the wifi detection problem, dhcpv6, I forget what else...
and I was about to fold some stuff from petri in there, and, well,
then item 1 cropped up.

3) I've been reflecting on what it takes to harden 'the front door' to a home.

It's not just limited to vulnerabilities in one daemon.

The simplest thing to do about that would be to buy some fishing gear,
and find a deserted tropic island somewhere lacking in technology
entirely. But then there might be cannibals.


-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
FR Tel: 0638645374
http://www.bufferbloat.net


