From owner-freebsd-bugs  Sat Jun 15 18:50:11 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id BE64C37B41A
	for <freebsd-bugs@hub.freebsd.org>; Sat, 15 Jun 2002 18:50:03 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g5G1o3Q23854;
	Sat, 15 Jun 2002 18:50:03 -0700 (PDT)
	(envelope-from gnats)
Date: Sat, 15 Jun 2002 18:50:03 -0700 (PDT)
Message-Id: <200206160150.g5G1o3Q23854@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "."@babolo.ru
Subject: Re: bin/39355: Sandboxing BIND difficult and error-prone
Reply-To: "."@babolo.ru
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR bin/39355; it has been noted by GNATS.

From: "."@babolo.ru
To: brett@lariat.org (Brett Glass)
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/39355: Sandboxing BIND difficult and error-prone
Date: Sun, 16 Jun 2002 05:44:07 +0400 (MSD)

 Brett Glass writes:
 > >Number:         39355
 > >Category:       bin
 > >Synopsis:       Sandboxing BIND difficult and error-prone
 > >Originator:     Brett Glass
 > >Release:        All recent releases
 > >Organization:
 > >Environment:
 > >Description:
 > The procedure for sandboxing BIND, as listed in the FreeBSD Handbook, requires files to be moved, permissions to be changed, directories to be created, configuration changes to be made.... All by hand. There are more than 20 steps to perform on 4.x out of the box, all fraught with potential errors.
 > 
 > 
 > >How-To-Repeat:
 > I can never repeat the problem exactly, because I make a different typo every time. ;-)
 > >Fix:
 > Ideally, the default install would be set up so that BIND was sandboxed from the get-go, or (at least) so that one could throw a switch in rc.conf to make it happen. Who maintains the BIND that's bundled with FreeBSD? Can we make this happen?
 
 See PR/38593 with fix
 
 -- 
 @BABOLO      http://links.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message