How is djbdns more secure?
Is there really an unclaimed $500 cash reward for security holes?

Dec 7th, 2001 03:11
Brian Coogan,


The fact that Dan Bernstein is prepared to offer a personal $500 
security guarantee speaks volumes about the way djbdns was designed 
(either that, or he's paid too much!).  Some security features:
 - daemons run as non-root users with separate user-ids;
   (the user-ids need have no permission at all on the filesystem
    and thus their ability to impact the system is low)
 - locks itself into an isolated tree on the system via chroot;
   (meaning the process has only very limited access to the
    filesystem and configuration when running)
 - dnscache is immune to cache poisoning;
   (meaning it cannot be attacked and forced to lie about IP
    addresses)
 - dnscache is careful about who it listens to;
   (again meaning it is very hard to mislead dnscache)
 - djbdns is designed carefully with an emphasis on simplicity.
   (simple means easy to audit and less likely to have bugs)
For more details see http://cr.yp.to/djbdns/ad/security.html
There is a $500 reward for the first demonstrable real security hole in 
djbdns.  The author is sufficiently confident that djbdns is secure 
that he is prepared to offer a reward for holes out of his own 
pocket - something almost unheard of in the software industry, let 
alone for software whose source is made publicly available!  Either 
this is incredibly foolhardy or it makes a statement -- and come what 
may, the $500 has remained unclaimed, as has a similar amount for qmail 
security.
A point well worth noting is that djbdns is some 13,000 lines of C code 
and Bind is well over 100,000 lines of code (I've heard rumours Bind 9 
is 300,000 lines).  It is a _lot_ easier to audit 13,000 lines of code 
for security problems than it is to audit 100,000 lines of code!
For details on the security guarantee itself see
 http://cr.yp.to/djbdns/guarantee.html
For some additional thoughts from djb on secure design (from qmail):
 http://cr.yp.to/qmail/guarantee.html
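Added worked example (editor's note, not part of the answer above and not dnscache's or djb's code): the "careful about who it listens to" point boils down to a resolver refusing to believe a reply unless it came from the server that was actually asked, carries the transaction ID and question of an outstanding query, and only contributes records within the bailiwick of the zone that server is authoritative for. The code below is a generic illustration of those checks with constructed packets; the addresses (192.0.2.0/24, 203.0.113.0/24 documentation ranges), the query ID, the names, and the `validate_response` / `demo` functions are all assumptions made for the example. For what dnscache actually does, see the security page linked above.

```python
"""Minimal DNS reply validation in the spirit of dnscache's caution.
Added example with constructed packets; not djbdns code."""
import struct

A, NS = 1, 2  # record types used in the constructed packets


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qid, qname, qtype=A):
    """Iterative query (no RD bit) as a resolver sends to an authority."""
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)


def rr(name, rtype, rdata, ttl=300):
    """One resource record in wire format (class IN)."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def build_response(qid, qname, qtype, answers, authority, additional):
    flags = 0x8400  # QR=1 (response), AA=1 (authoritative)
    hdr = struct.pack("!HHHHHH", qid, flags, 1, len(answers), len(authority), len(additional))
    return hdr + encode_name(qname) + struct.pack("!HH", qtype, 1) + b"".join(answers + authority + additional)


def parse_name(data, off):
    """Decode a name at offset, following compression pointers safely."""
    labels, end, hops = [], None, 0
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower() + ".", (end if end is not None else off)


def parse_message(data):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = parse_name(data, off)
        qtype, qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    sections = []
    for count in (an, ns, ar):
        recs = []
        for _ in range(count):
            name, off = parse_name(data, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
            off += 10
            recs.append((name, rtype, rclass, ttl, data[off:off + rdlen]))
            off += rdlen
        sections.append(recs)
    return {"id": qid, "flags": flags, "questions": questions,
            "answer": sections[0], "authority": sections[1], "additional": sections[2]}


def in_bailiwick(name, zone):
    """True when name is zone itself or lies beneath it."""
    return name == zone or name.endswith("." + zone)


def validate_response(query, source, data):
    """query: the outstanding request {id, qname, qtype, server, zone}.
    Returns (accepted, reason, records worth caching)."""
    if source != query["server"]:
        return False, "reply from an address/port we never asked", []
    msg = parse_message(data)
    if msg["id"] != query["id"]:
        return False, "transaction id does not match our query", []
    if not msg["flags"] & 0x8000:
        return False, "not a response", []
    if msg["questions"] != [(query["qname"], query["qtype"], 1)]:
        return False, "question section does not echo our question", []
    kept, dropped = [], []
    for section in ("answer", "authority", "additional"):
        for rec in msg[section]:
            (kept if in_bailiwick(rec[0], query["zone"]) else dropped).append(rec)
    return True, "accepted; %d out-of-bailiwick record(s) dropped" % len(dropped), kept


# Constructed scenario: we asked the example.com authority at 192.0.2.1 for www.example.com A.
QUERY = {"id": 0x1234, "qname": "www.example.com.", "qtype": A,
         "server": ("192.0.2.1", 53), "zone": "example.com."}
REPLY = build_response(0x1234, "www.example.com.", A,
    [rr("www.example.com.", A, bytes([192, 0, 2, 10]))],
    [rr("example.com.", NS, encode_name("ns1.example.com."))],
    [rr("ns1.example.com.", A, bytes([192, 0, 2, 1])),
     rr("www.bank.example.", A, bytes([203, 0, 113, 7]))])  # poison attempt: outside bailiwick


def demo():
    forged_id = struct.pack("!H", 0x1235) + REPLY[2:]
    return {
        "good": validate_response(QUERY, ("192.0.2.1", 53), REPLY),
        "spoofed_source": validate_response(QUERY, ("203.0.113.9", 53), REPLY),
        "wrong_id": validate_response(QUERY, ("192.0.2.1", 53), forged_id),
        "wrong_question": validate_response(dict(QUERY, qname="www.example.org."), ("192.0.2.1", 53), REPLY),
    }


if __name__ == "__main__":
    for case, (ok, why, recs) in demo().items():
        print("%-15s %-5s %s" % (case, ok, why))
```

Running `demo()` accepts only the genuine reply, and even there the `www.bank.example` glue the authority had no business answering for is discarded before anything reaches the cache. The three forged variants are rejected for different reasons, which is the point: a resolver that is careless about any one of source, ID, or question gives an attacker a cheap way in.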