From: Greg Rivers
To: Erwin Lansing
Cc: FreeBSD Stable, Stefan Bethke, FreeBSD Current, Gleb Smirnoff, FreeBSD Release Engineering Team, George Kontostanos, Dag-Erling Smørgrav, Özkan KIRIK
Date: Sun, 17 Nov 2013 15:27:14 -0600 (CST)
Subject: Re: FreeBSD 10 Beta2 /etc/rc.d/named script and /etc/defaults/rc.conf
In-Reply-To: <20131112111322.GV90670@droso.dk>
List-Id: Production branch of FreeBSD source code

On Tue, 12 Nov 2013, Erwin Lansing wrote:

> Sorry about the delay, but I did finally update all three dns/bind9*
> ports today.
>
Thanks a lot for your work on this very important port.

> I have dropped the complicated chroot, and related symlinking, logic
> from the default rc script as I don't think that is the right place to
> implement things.
>
I am somewhat astonished by this decision. FreeBSD has been running named chrooted for as long as I can remember. One of the really nice things about running BIND on FreeBSD has been that it came perfectly configured out of the box. I think a lot of people are going to be surprised by this.

Maybe the rc script is the wrong place to set up the chroot, but shouldn't the port at least set it up at install time? Without this, there is going to be a lot of duplicated and error prone effort with everyone setting up their own chroot environment.

> I would recommend users who want the extra security to use jail(8)
> instead of a mere chroot.
>
Is it the consensus that running named chrooted doesn't really add additional security? If a jail is that much better, shouldn't the port set up an appropriately configured jail so that we once again have everything working out of the box?

Maybe the Capsicum framework will supersede both chroots and jails for added BIND security, but until then, shouldn't the chroot feature be retained?

--
Greg Rivers