Date: Fri, 3 Sep 1999 11:59:36 +0300 From: Anand Buddhdev <arb@anand.org> To: Dan Larsson <support@junglenote.com> Cc: "[FreeBSD-Questions-List] (E-post)" <freebsd-questions@freebsd.org> Subject: Re: bind sandboxes? Message-ID: <19990903115936.P42426@africaonline.co.ke> In-Reply-To: <01BEF5F8.7F2FB4C0.support@junglenote.com>; from Dan Larsson on Fri, Sep 03, 1999 at 10:38:43AM %2B0200 References: <01BEF5F8.7F2FB4C0.support@junglenote.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 03, 1999 at 10:38:43AM +0200, Dan Larsson wrote: A sandbox is a concept. A program running in a sandbox is running with less privileges, instead of running as root. This aids in enhancing security, because a compromise in that program does not leave the machine vulnerable to root break-in. In your case, you'd be running bind as user bind, instead of as root. You have to change the flags in /etc/rc.conf to make named run with the -u and -g options. See the man page for named for more info. > Does FreeBSD insinuate that I need a bucket and shovel with serious > time spent in a sandbox before I configure bind? I'd like to have the sandbox > theory regarding bind explained, please. > > Regards > ---- > Dan Larsson ( mailto:dan@junglenote.com ) > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- See complete headers for more info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990903115936.P42426>