Date: Thu, 11 Nov 1999 15:31:08 -0800 (PST) From: Sean Eric Fagan <sef@kithrup.com> To: security@freebsd.org Subject: Re: Why not sandbox BIND? Message-ID: <199911112331.PAA20772@kithrup.com> In-Reply-To: <Pine.LNX.4.10.9911111715070.4354-100000.kithrup.freebsd.security@dolemite.psionic.com> References: <4.2.0.58.19991111160840.042469d0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <Pine.LNX.4.10.9911111715070.4354-100000.kithrup.freebsd.security@dolemite.psionic.com> you write: >BIND 8.x allows one to chroot() it very easily. One of the principal bind developers has taken the existing linux capabilities implementation and run bind under it. He's very happy -- it runs as root, and yet pretty much can't do anything. As that feature is useful for _other_ things (think sendmail), I think that's the direction to go in, really. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911112331.PAA20772>