Date: Wed, 16 Dec 1998 22:24:30 +0100
From: Jos Backus <Jos.Backus@nl.origin-it.com>
To: committers@FreeBSD.ORG
Subject: Re: Bind sandbox bogosity
Message-ID: <19981216222430.A93098@hal.mpn.cp.philips.com>
In-Reply-To: <xzpvhjembb6.fsf@flood.ping.uio.no>; from Dag-Erling Smorgrav on Tue, Dec 15, 1998 at 02:41:17AM +0100
References: <xzpvhjembb6.fsf@flood.ping.uio.no>

On Tue, Dec 15, 1998 at 02:41:17AM +0100, Dag-Erling Smorgrav wrote:
> Solution 1: don't run named as bind:bind (and consequently back out
> revision 1.64 of src/etc/rc.conf and revisions 1.33 and 1.32 of
> src/etc/mtree/BSD.root.dist)
>
> Solution 2: hack bind to temporarily regain privs when HUPed.
Solution 3: hack update_pid_file()/write_open() in ns_config.c to use
ftruncate() instead of unlink() and subsequently
chown bind:bind /var/run/named.pid.
--
Jos Backus _/ _/_/_/ "Reliability means never
_/ _/ _/ having to say you're sorry."
_/ _/_/_/ -- D. J. Bernstein
_/ _/ _/ _/
Jos.Backus@nl.origin-it.com _/_/ _/_/_/ use Std::Disclaimer;
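
The in-place rewrite that Solution 3 describes, as an added example that is not BIND's code and not part of the original message: truncating an existing pid file needs write permission on the file only, while unlink() and re-creation need write permission on its directory. The function names, the O_NOFOLLOW flag and the temporary path are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not BIND code: rewrite an existing pid file in place.
 * open() without O_CREAT plus ftruncate() needs write permission on the file
 * only, so a process that has dropped root can refresh a pid file that was
 * chowned to it, in a directory it cannot modify. Returns 0 or -1. */
int update_pid_file_inplace(const char *path, pid_t pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof(buf), "%ld\n", (long)pid);
    /* O_NOFOLLOW (this example's choice) refuses a symlink at the path. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    /* Drop the old contents; inode, owner and mode stay as they were. */
    if (len <= 0 || (size_t)len >= sizeof(buf) || ftruncate(fd, 0) != 0 ||
        write(fd, buf, (size_t)len) != (ssize_t)len) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Self-check on a constructed temp file: longer stale content is replaced
 * and the inode number is unchanged, i.e. the file was never unlinked. */
int demo(void)
{
    char path[] = "/tmp/pidfile-demo-XXXXXX", got[32] = {0};
    struct stat before, after;
    int fd = mkstemp(path), ok;

    if (fd < 0)
        return -1;
    ok = write(fd, "1234567890\n", 11) == 11 && fstat(fd, &before) == 0 &&
         update_pid_file_inplace(path, 42) == 0 &&
         stat(path, &after) == 0 && before.st_ino == after.st_ino &&
         pread(fd, got, sizeof(got) - 1, 0) == 3;
    close(fd);
    unlink(path);
    return (ok && strcmp(got, "42\n") == 0) ? 0 : -1;
}
int main(void) { return demo() == 0 ? 0 : 1; }
```

Because the helper never creates the file, the pid file has to exist with the right owner before privileges are dropped, which is the chown step in the message.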
