Date: Wed, 31 Jan 2001 14:48:13 -0800 (PST) From: Brian Behlendorf <brian@collab.net> To: Alfred Perlstein <bright@wintelcom.net> Cc: Roman Shterenzon <roman@xpert.com>, <freebsd-security@FreeBSD.ORG> Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind Message-ID: <Pine.BSF.4.31.0101311447150.729-100000@localhost> In-Reply-To: <20010131140447.E26076@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 31 Jan 2001, Alfred Perlstein wrote: > * Roman Shterenzon <roman@xpert.com> [010131 13:56] wrote: > > On Wed, 31 Jan 2001, FreeBSD Security Advisories wrote: > > > > > ============================================================================= > > > FreeBSD-SA-01:18 Security Advisory > > > > > > Topic: BIND remotely exploitable buffer overflow > > ..snip.. > > > > Why not make it default in the base system? > > It has been, but only for several days. I think he meant, why not set those recommendations for running as user "bind" and in a chroot jail as the default? Unless I'm missing something, that's not the case currently: [yez] 2:47pm ~ > fgrep -i named_flag /etc/defaults/rc.conf named_flags="" # Flags for named #named_flags="-u bind -g bind" # Flags for named Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0101311447150.729-100000>