User: Password:
|
|
Subscribe / Log in / New account

DNSCurve: an alternative to DNSSEC

DNSCurve: an alternative to DNSSEC

Posted Jul 9, 2009 14:30 UTC (Thu) by charlieb (guest, #23340)
In reply to: DNSCurve: an alternative to DNSSEC by pkern
Parent article: DNSCurve: an alternative to DNSSEC

I think you are confusing the qmail guarantee with the djbdns guarantee:

http://news.ycombinator.com/item?id=502651


(Log in to post comments)

DNSCurve: an alternative to DNSSEC

Posted Jul 19, 2009 7:10 UTC (Sun) by eupator (guest, #44581) [Link]

The qmail guarantee was claimed as well, years ago. DJB just didn't pay. His argument was that the exploit can be prevented if rlimit is used to limit the process virtual memory to 4 GB, which he argues should always be the case, and so the bug is not a real security hole.

Never mind that qmail didn't set such a resource limit (and still doesn't), requirement to do so by hand was not documented (and still isn't), and no one generally does so, as you can verify by running 'ulimit -v'.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds