Date: Tue, 15 Dec 1998 17:07:19 +0000
From: Ben Smithurst <ben@scientia.demon.co.uk>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: committers@FreeBSD.ORG
Subject: Re: Bind sandbox bogosity
Message-ID: <19981215170719.A59007@scientia.demon.co.uk>
In-Reply-To: <xzpvhjembb6.fsf@flood.ping.uio.no>
References: <xzpvhjembb6.fsf@flood.ping.uio.no>

Dag-Erling Smorgrav wrote:

> One side-effect of forcing named to run as bind:bind is that when you
> HUP it, it tries to recreate the pid file (update_pid_file(), which is
> called from load_configuration(), both in ns_config.c), but can't
> because it doesn't have privs any more and /var/run is only writeable
> by root. Another, far more serious, side-effect is that when it
> rescans interfaces (normally every 60 minutes) and finds an interface
> it wasn't already bound to, it'll try to bind to it, and fail
> miserably because only root can bind to port 53.

Another minor side effect is that you can't dump the cache with SIGINT,
since it can't write to /etc/namedb. The fix for this is simple, add

	dump-file "s/named_dump.db";

to the default named.conf, or at least add a comment to that effect with
the other comments about the sandbox. The same could be done for the pid
file, saving it in /etc/namedb/s, but that would probably be a bad idea
since most other pid files go in /var/run

Just my 2p

--
Ben Smithurst
ben@scientia.demon.co.uk
send a blank message to ben+pgp@scientia.demon.co.uk for PGP key

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
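
Added example, not part of the original message and not FreeBSD or BIND code: a preflight check that lists which files named could no longer rewrite (pid file on HUP, cache dump on SIGINT) once it runs as an unprivileged user. It looks at mode bits only; the default file names and uid/gid 53 for bind are assumptions.

```python
import os
import re
import stat

# Options naming files that named rewrites after start-up.
WRITTEN_OPTIONS = ("pid-file", "dump-file")

def parse_options(conf_text):
    """Return {option: value} for quoted-string options, skipping comments."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    return dict(re.findall(r'([\w-]+)\s+"([^"]*)"\s*;', text))

def dir_writable_by(path, uid, gids):
    """Mode-bit check only (no ACLs): may uid/gids create files in path?"""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False  # a missing directory cannot be written to
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need

def unwritable_after_drop(conf_text, defaults, uid, gids):
    """List (option, path) pairs the unprivileged named could not rewrite."""
    opts = parse_options(conf_text)
    base = opts.get("directory", defaults["directory"])
    problems = []
    for name in WRITTEN_OPTIONS:
        # Relative names resolve against "directory"; absolute ones stand alone.
        path = os.path.join(base, opts.get(name, defaults[name]))
        if not dir_writable_by(os.path.dirname(path), uid, gids):
            problems.append((name, path))
    return problems

if __name__ == "__main__":
    # Constructed sample config; defaults and uid/gid 53 are assumptions.
    sample = 'options { directory "/etc/namedb"; dump-file "s/named_dump.db"; };'
    defaults = {"directory": "/etc/namedb", "pid-file": "/var/run/named.pid",
                "dump-file": "named_dump.db"}
    for option, path in unwritable_after_drop(sample, defaults, 53, {53}):
        print("named cannot rewrite %s at %s" % (option, path))
```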