Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 7 Jan 2002 09:06:32 -0500
From:      Joe Abley <jabley@automagic.org>
To:        cjclark@alum.mit.edu
Cc:        Haikal Saadh <wyldephyre2@yahoo.com>, stable@FreeBSD.ORG
Subject:   Re: Chrooted bind  out of the box
Message-ID:  <20020107090632.P95067@buffoon.automagic.org>
In-Reply-To: <20020106112345.B237@gohan.cjclark.org>
References:  <000001c195b1$db087880$41c801ca@warhawk> <20020105140846.D204@gohan.cjclark.org> <20020105222558.A95067@buffoon.automagic.org> <20020106112345.B237@gohan.cjclark.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Sun, Jan 06, 2002 at 11:23:45AM -0800, Crist J. Clark wrote:
> On Sat, Jan 05, 2002 at 10:26:01PM -0500, Joe Abley wrote:
> > On Sat, Jan 05, 2002 at 02:08:46PM -0800, Crist J. Clark wrote:
> > > On Sat, Jan 05, 2002 at 11:26:00AM +0500, Haikal Saadh wrote:
> > > > Is there a reason why bind is run as root by default and not bind.bind?
> > > > And not chrooted?
> > > > 
> > > > If I'm not mistaken almost everyone does this anyway, right?
> > > 
> > > IIRC, the last time it was discussed, it was felt changing this in the
> > > middle of -STABLE would be too disruptive. Many working BIND
> > > installations would break when people updated.
> > 
> > Why not create a named_chroot variable in defaults/rc.conf which
> > is by default set to NO, but which sysinstall can override in
> > /etc/rc.conf with a YES for fresh (non-upgrade) installs?
> 
> /etc/defaults/rc.conf are the defaults. Not everyone makes a new
> system with sysinstall(8), and having sysinstall(8) put new and
> unexpected things in rc.conf is in itself a POLA vilolation.

Sysinstall already installs local overrides in /etc/rc.conf. Obviously
these differ from those in /etc/defaults/rc.conf (or else the entries
would be unnecessary). Nobody said the changes needed to be unexpected.

The fact that not everybody makes a new system with sysinstall was
precisely what led me to suggest that mechanism; that way the modified
named environment is only made active if the installer has specifically
instructed sysinstall to make it so (or has installed specific tweaks
in /etc/rc.conf to make it happen).

> I was talking more about running named(8) as bind:bind. Chrooting has
> other issues, you need to actually build a chroot environment
> somewhere and decide what to put in it, and you still need to run as
> bind:bind for chrooting to be much of a security measure.

I will disagree with your last point...

> But if you really want to be clever, you should run named(8) in a
> jail(8).

... and I would sooner run named in a chroot jail in a standard
way than introduce FreeBSDisms that aren't going to be easily
administered by people more familiar with other platforms.


Joe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20020107090632.P95067>