New addresses for b.root-servers.net

William Herrin bill at herrin.us
Wed Jun 7 16:30:36 UTC 2023


On Wed, Jun 7, 2023 at 8:41 AM Izaac <izaac at setec.org> wrote:
> On Sun, Jun 04, 2023 at 01:19:18PM -0700, William Herrin wrote:
> > IP address is hard-coded in Bind which will use it by default unless
> > configured not to.
>
> It is not "hard coded."  It is a default configuration. You can change
> it.  You are *supposed* to change it.

Data embedded in the binary is hard-coded. That's what hard-coded
means. If it makes you happier I'll qualify it as a "hard-coded
default," to differentiate it from settings the operator can't
override with configuration.

It's an instance of https://cwe.mitre.org/data/definitions/344.html
and you can see a similar sort of error in play in
https://cwe.mitre.org/data/definitions/798.html


> First, you have completely ignored the argument: THERE IS NO FLAW IN
> COMPUTATIONAL LOGIC.  There is no vulnerability.

A quick search of https://cve.mitre.org/cve/search_cve_list.html shows
between 600 and 3700 CVEs related to default configurations that are
either directly insecure or unexpectedly become insecure when some but
not all of the defaults are changed by the operator. The vast majority
of these CVEs exhibit, as you say, no flaw in the computational logic.

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/

