[Pkg-dns-devel] Bug#888169: Bug#888169: seccomp support for bind9

Ondřej Surý ondrej at sury.org
Tue Jan 23 18:59:33 UTC 2018


Control: tags -1 +wontfix

Hi,

seccomp is broken as it needs to be constantly updated to match the running kernel, so upstream is also going to remove seccomp support for subsequent releases. Henceforth it makes no sense to enable it; there are better mechanisms to protect the system. Also, there was no RCE in the history of BIND 9 due to the design of BIND 9 (just a lot of crashes).

Ondřej 

--
Ondřej Surý <ondrej at sury.org>

> On 23 Jan 2018, at 19:39, Simon Deziel <simon at sdeziel.info> wrote:
> 
> Package: bind9
> Version: 1:9.11.2.P1-1
> Severity: wishlist
> 
> Dear maintainers,
> 
> It would be nice to enable seccomp support for bind9. Upstream added
> this feature some time ago [1].
> 
> Thanks in advance,
> Simon
> 
> 
> [1]
> https://deepthought.isc.org/article/AA-01177/0/BIND-9.10.1b1-Release-Notes.html
> 