From owner-freebsd-security  Fri Nov 12 16:19:54 1999
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 3B35814DBB; Fri, 12 Nov 1999 16:19:49 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 26CA01CD438; Fri, 12 Nov 1999 16:19:49 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Fri, 12 Nov 1999 16:19:49 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Barry Irwin <bvi@rucus.ru.ac.za>
Cc: Josef Karthauser <joe@pavilion.net>,
	Brett Glass <brett@lariat.org>, Bill Fumerola <billf@chc-chimes.com>,
	Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	security@FreeBSD.ORG
Subject: Re: Why not sandbox BIND?
In-Reply-To: <19991112212912.Z57266@rucus.ru.ac.za>
Message-ID: <Pine.BSF.4.10.9911121616400.32210-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Nov 1999, Barry Irwin wrote:

> 3.2 System CVSup'd doesnt have it by default
> su-2.03# cat /etc/passwd | grep named

That's because, as several people have explained, the user is 'bind', not
'named'.

The bind user and group was added by Matt Dillon on Dec 1, 1998, according
to http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/master.passwd, and is
present in 3.1-R, 3.2-R and 3.3-R

The reason why sandboxing is not enabled by default has been explained
elsewhere in this thread.

Kris

----
Cthulhu for President! For when you're tired of choosing the _lesser_ of
two evils..



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message