Date:      Thu, 23 Aug 2001 12:40:33 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc:        Jun Kuriyama <kuriyama@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
Message-ID:  <20010823124033.A90942@xor.obsecurity.org>
In-Reply-To: <20010823174457.A27360@nagual.pp.ru>; from ache@nagual.pp.ru on Thu, Aug 23, 2001 at 05:44:58PM +0400
References:  <200108231334.f7NDYkK79251@freefall.freebsd.org> <20010823174457.A27360@nagual.pp.ru>

On Thu, Aug 23, 2001 at 05:44:58PM +0400, Andrey A. Chernov wrote:
> On Thu, Aug 23, 2001 at 06:34:46 -0700, Jun Kuriyama wrote:
> > kuriyama    2001/08/23 06:34:46 PDT
> >
> >   Modified files:
> >     etc/defaults         rc.conf
> >     etc/mtree            BSD.var.dist
> >     etc/namedb           named.conf
> >   Log:
> >   Invoke named with privilege of bind:bind.
> >   Change pidfile location to /var/run/named/pid.
>
> Was it discussed, or did I miss something? We already have an option to run it
> in the bind sandbox, but as a non-default option. Some functions do not work in
> the bind sandbox; I don't remember exactly at this moment.

With my security officer hat on, I support this change.  It is not
suitable for everyone because of the interface binding problem, but
since named requires configuration before it can be used, slightly
changing the nature of that configuration process for some people is a
reasonable thing to do providing it's documented.

It's well past time we did this, and if there's ever another remote
hole in bind8, we'll all thank Kuriyama-san for doing it.

Kris
