From owner-freebsd-stable Mon Jan 7 6: 6:36 2002 Delivered-To: freebsd-stable@freebsd.org Received: from buffoon.automagic.org (buffoon.automagic.org [208.185.30.208]) by hub.freebsd.org (Postfix) with SMTP id 8010037B402 for ; Mon, 7 Jan 2002 06:06:33 -0800 (PST) Received: (qmail 37042 invoked by uid 1000); 7 Jan 2002 14:06:33 -0000 Date: Mon, 7 Jan 2002 09:06:32 -0500 From: Joe Abley To: cjclark@alum.mit.edu Cc: Haikal Saadh , stable@FreeBSD.ORG Subject: Re: Chrooted bind out of the box Message-ID: <20020107090632.P95067@buffoon.automagic.org> References: <000001c195b1$db087880$41c801ca@warhawk> <20020105140846.D204@gohan.cjclark.org> <20020105222558.A95067@buffoon.automagic.org> <20020106112345.B237@gohan.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020106112345.B237@gohan.cjclark.org> User-Agent: Mutt/1.3.22.1i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Jan 06, 2002 at 11:23:45AM -0800, Crist J. Clark wrote: > On Sat, Jan 05, 2002 at 10:26:01PM -0500, Joe Abley wrote: > > On Sat, Jan 05, 2002 at 02:08:46PM -0800, Crist J. Clark wrote: > > > On Sat, Jan 05, 2002 at 11:26:00AM +0500, Haikal Saadh wrote: > > > > Is there a reason why bind is run as root by default and not bind.bind? > > > > And not chrooted? > > > > > > > > If I'm not mistaken almost everyone does this anyway, right? > > > > > > IIRC, the last time it was discussed, it was felt changing this in the > > > middle of -STABLE would be too disruptive. Many working BIND > > > installations would break when people updated. > > > > Why not create a named_chroot variable in defaults/rc.conf which > > is by default set to NO, but which sysinstall can override in > > /etc/rc.conf with a YES for fresh (non-upgrade) installs? > > /etc/defaults/rc.conf are the defaults. Not everyone makes a new > system with sysinstall(8), and having sysinstall(8) put new and > unexpected things in rc.conf is in itself a POLA vilolation. Sysinstall already installs local overrides in /etc/rc.conf. Obviously these differ from those in /etc/defaults/rc.conf (or else the entries would be unnecessary). Nobody said the changes needed to be unexpected. The fact that not everybody makes a new system with sysinstall was precisely what led me to suggest that mechanism; that way the modified named environment is only made active if the installer has specifically instructed sysinstall to make it so (or has installed specific tweaks in /etc/rc.conf to make it happen). > I was talking more about running named(8) as bind:bind. Chrooting has > other issues, you need to actually build a chroot environment > somewhere and decide what to put in it, and you still need to run as > bind:bind for chrooting to be much of a security measure. I will disagree with your last point... > But if you really want to be clever, you should run named(8) in a > jail(8). ... and I would sooner run named in a chroot jail in a standard way than introduce FreeBSDisms that aren't going to be easily administered by people more familiar with other platforms. Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message