Date: Thu, 1 Feb 2001 12:30:21 -0500
From: Vivek Khera <khera@kciLink.com>
To: stable@FreeBSD.ORG
Subject: Re: DNS security
Message-ID: <14969.40237.815895.937483@onceler.kciLink.com>
In-Reply-To: <200102011716.f11HGK503410@pau-amma.whistle.com>
References: <14969.38607.142726.115583@onceler.kciLink.com> <200102011716.f11HGK503410@pau-amma.whistle.com>

>>>>> "DW" == David Wolfskill <dhw@whistle.com> writes:
>> From: Vivek Khera <khera@kciLink.com>
>> 2) bind tries to write temporary files into the CWD. Unfortunately,
>> /etc/namedb is root:wheel and not writable by the bind process
DW> In turn, named.conf has a directive:
DW> options {
DW> directory "/etc/namedb";
DW> ...
DW> };
Right... but then I have to make whatever is set to "directory"
writable by bind, and that means that bind has free rein over
everything there. I'd like to be able to tell bind to put its files
in some other directory that it is allowed to write to leaving my zone
files and such better protected from possible future bugs.
It is trivial of course to make /etc/namedb writable by bind except
make world will reset it...
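
Added example, not part of the original message or of BIND/FreeBSD: the concern raised above is that write access to the configured `directory` lets the daemon unlink or rename every entry in it, even files whose own mode denies it write access. This Python sketch audits a directory from classic mode bits only (no ACLs or file flags); the function names, the sample file name and the daemon uid are hypothetical.

```python
import os, stat, tempfile

def can_write(st, uid, gids):
    """True if uid/gids get write permission from the mode bits of st."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def exposure(directory, uid, gids=frozenset()):
    """Report what a daemon running as uid can do to files in directory."""
    dst = os.stat(directory)
    dir_writable = can_write(dst, uid, gids)
    sticky = bool(dst.st_mode & stat.S_ISVTX)
    report = {"dir_writable": dir_writable, "replaceable": [], "writable_in_place": []}
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        # Write access to the directory allows unlink/rename of any entry,
        # whatever the entry's own mode, unless the sticky bit restricts it
        # to the entry's owner or the directory's owner.
        if dir_writable and (not sticky or uid in (0, st.st_uid, dst.st_uid)):
            report["replaceable"].append(name)
        if stat.S_ISREG(st.st_mode) and can_write(st, uid, gids):
            report["writable_in_place"].append(name)
    return report

def demo():
    """Constructed layout: a 0644 zone file inside a 0777 directory."""
    d = tempfile.mkdtemp()
    zone = os.path.join(d, "example.zone")  # constructed sample file name
    with open(zone, "w") as f:
        f.write("; constructed zone file\n")
    os.chmod(zone, 0o644)
    os.chmod(d, 0o777)
    daemon_uid = os.stat(d).st_uid + 1  # hypothetical unprivileged daemon uid
    return exposure(d, daemon_uid)

if __name__ == "__main__":
    print(demo())
```

A file listed under `replaceable` but not under `writable_in_place` is the case described in the message: the zone file cannot be edited in place, yet it can be swapped for another file.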
