Date: Tue, 15 Dec 1998 06:19:18 -0800 (PST)
From: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>
To: dima@best.net
Cc: dillon@apollo.backplane.com, des@flood.ping.uio.no, committers@FreeBSD.ORG
Subject: Re: Bind sandbox bogosity
Message-ID: <199812151419.GAA02488@hub.freebsd.org>
In-Reply-To: <199812150316.TAA20006@burka.rdy.com> (dima@best.net)
References: <199812150316.TAA20006@burka.rdy.com>

> Matthew Dillon writes:
> >     The first problem is a non-problem, i.e. a bogus
> >     warning because HUPing named does not change its
> >     pid.
> >
> >     The second problem is real, and I did mention it. However,
> >     my feeling is that running named in a sandbox is a basic
> >     security precaution that must be taken and that the vast
> >     majority of configurations will not have a problem with
> >     it. It would be nice if there were a way to turn off
> >     the interface scanning junk, though. named is the only
> >     major program I know that does that (a Vixie bogosity,
> >     in my view).
> Date: Mon, 14 Dec 1998 19:16:52 -0800 (PST)
> From: dima@best.net (Dima Ruban)
>
> sendmail is the other one.

i am currently preparing Postfix for commit.

Postfix is a mail transfer agent written by Wietse Venema
(tcp_wrappers and satan) which may be used in place of sendmail.
(www.postfix.org)

Postfix can be run in a chroot jail.
Postfix should have its own userid.
uid == gid == 25. username == groupname == postfix.

Postfix should be committed later this week.

jmb

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message