[Bro-Dev] BiF parsing index types
Seth Hall
seth at icir.org
Tue May 24 10:00:20 PDT 2011
On May 24, 2011, at 12:33 PM, Vern Paxson wrote:
> IIRC, it's used by Bro at startup to resolve hostnames in the policy
> scripts. If those fail to resolve due to a serious problem (rather than
> just the name not existing), then arguably Bro is about to run with
> fundamentally incorrect/missing information, which is not very safe.
Agreed, but I would consider it a fairly minimal risk due to such extremely limited use of that feature anyway. In the scripts I've been working on, I haven't even used it at all, so the risk is even lower.
> That said, whether it should bomb out under such circumstances is
> still debatable.
I agree. If I get a chance soon I'll commit a change to fastpath changing those to runtime warnings instead of internal errors. Unless... Jon, would you like to do it?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/