Date: 21 Dec 1998 15:45:49 +0100
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Matt Dillon <dillon@FreeBSD.ORG>
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
Message-ID: <xzp67b5ft9e.fsf@flood.ping.uio.no>
In-Reply-To: Matt Dillon's message of "Fri, 18 Dec 1998 23:25:57 -0800 (PST)"
References: <199812190725.XAA05479@freefall.freebsd.org>

Matt Dillon <dillon@FreeBSD.ORG> writes:
> Log:
> Take bind out of sandbox and run it as root again, but leave support
> mechanisms ('bind' user and group) in place so the feature can be easily
> turned on. There were too many complaints. The security(1) man
> page will be created/updated to include the appropriate info.

Complaints? The naked truth is that it will not work in any but the
simplest setups, unless you add code to named to temporarily regain
privs before updating the pid file or rescanning interfaces. Doing so
will void any security the sandbox may give you, since it will make it
possible for hypothetical buffer overflow exploits to regain privs.

If named is run in the sandbox, it will have to be restarted every
time an interface comes up after being down an hour or more - less if
you lower interface-interval in /etc/namedb/named.conf, which you
probably will if you run a caching nameserver on a box that has a
dynamic IP address (e.g. a dialout gateway). It will also complain
loudly every time it receives any of SIGHUP, SIGINT, SIGILL, SIGSYS or
SIGTERM unless you perform the appropriate named.conf magic to move
the pid and dump files to a directory writeable by bind:bind.

OBTW, the /etc/named/s/ hack is just that - a hack, and an ugly one at
that. You'll just have to come to terms with the fact that named needs
privs.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
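
The trade-off described in the message above, as an added example that is not part of the original e-mail and not code from named: a daemon that keeps the ability to regain root still holds uid 0 in its real or saved uid slot, and a post-drop check can detect that. The names classify_drop and current_drop_state are hypothetical, and uid 53 for the 'bind' user is an assumed sample value.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Declared explicitly: glibc only exposes getresuid() under _GNU_SOURCE;
 * FreeBSD and Linux both provide it with this signature. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

enum drop_state { STILL_ROOT, REVERSIBLE, PERMANENT };

/* Classify a (real, effective, saved) uid triple. An unprivileged process
 * may set its effective uid to its real or saved uid, so a zero left in
 * either slot means seteuid(0) still succeeds, for the daemon and equally
 * for any code that takes over its control flow. */
enum drop_state classify_drop(uid_t ruid, uid_t euid, uid_t suid)
{
    if (euid == 0)
        return STILL_ROOT;
    if (ruid == 0 || suid == 0)
        return REVERSIBLE;
    return PERMANENT;
}

/* Classify the calling process; returns -1 if the ids cannot be read. */
int current_drop_state(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (int)classify_drop(r, e, s);
}

int main(void)
{
    /* Constructed triples; 53 stands in for the 'bind' user (assumption). */
    static const struct { const char *how; uid_t r, e, s; } cases[] = {
        { "started as root, no drop",       0,  0,  0 },
        { "seteuid(53): temporary drop",    0, 53,  0 },
        { "setuid(53) as root: full drop", 53, 53, 53 },
    };
    static const char *names[] = { "still root", "reversible", "permanent" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-32s -> %s\n", cases[i].how,
               names[classify_drop(cases[i].r, cases[i].e, cases[i].s)]);
    printf("this process -> %d\n", current_drop_state());
    return 0;
}
```

Only the "permanent" state gives the containment the sandbox is meant to provide, and it is also the state in which the pid file and newly appearing interfaces can no longer be handled without a restart.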