Date: Wed, 29 Aug 2001 15:30:58 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: Brian Somers <brian@Awfulhak.org> Cc: Joshua Goodall <joshua@roughtrade.net>, Giorgos Keramidas <keramida@ceid.upatras.gr>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@freebsd-services.com Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf Message-ID: <76675.999091858@axl.seasidesoftware.co.za> In-Reply-To: Your message of "Wed, 29 Aug 2001 14:09:14 %2B0100." <200108291309.f7TD9Ef75762@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Aug 2001 14:09:14 +0100, Brian Somers wrote: > For the n'th time on this thread, everyone that has > > named_enable=YES > > in /etc/rc.conf and don't have ``named_flags='' will now have named > running with -u bind and will not be able to update their secondary > zone files. Why? The same mergemaster that changes named_flags in /etc/defaults/rc.conf will also change /etc/namedb/named.conf . > Now perhaps someone can tell me what the purpose of this blatant > -minded breakage is. What do we gain by changing the default > variable values for a service that has never been enabled by default ? We gain protection of a significant number of entry-level administrators from potential root exploits. I ignored the rest of your message because it only applies if you're right about the impact, and I don't think you are. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?76675.999091858>