Date: Wed, 16 Dec 1998 22:24:30 +0100 From: Jos Backus <Jos.Backus@nl.origin-it.com> To: committers@FreeBSD.ORG Subject: Re: Bind sandbox bogosity Message-ID: <19981216222430.A93098@hal.mpn.cp.philips.com> In-Reply-To: <xzpvhjembb6.fsf@flood.ping.uio.no>; from Dag-Erling Smorgrav on Tue, Dec 15, 1998 at 02:41:17AM %2B0100 References: <xzpvhjembb6.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 15, 1998 at 02:41:17AM +0100, Dag-Erling Smorgrav wrote: > Solution 1: don't run named as bind:bind (and consequently back out > revision 1.64 of src/etc/rc.conf and revisions 1.33 and 1.32 of > src/etc/mtree/BSD.root.dist) > > Solution 2: hack bind to temporarily regain privs when HUPed. Solution 3: hack update_pid_file()/write_open() in ns_config.c to use ftruncate() instead of unlink() and subsequently chown bind:bind /var/run/named.pid. -- Jos Backus _/ _/_/_/ "Reliability means never _/ _/ _/ having to say you're sorry." _/ _/_/_/ -- D. J. Bernstein _/ _/ _/ _/ Jos.Backus@nl.origin-it.com _/_/ _/_/_/ use Std::Disclaimer; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981216222430.A93098>