Date: Fri, 18 Dec 1998 11:51:11 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Eivind Eklund <eivind@yes.no>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, Jos Backus <Jos.Backus@nl.origin-it.com>, committers@FreeBSD.ORG
Subject: Re: Bind sandbox bogosity
Message-ID: <199812181951.LAA04753@apollo.backplane.com>
References: <xzpvhjembb6.fsf@flood.ping.uio.no> <19981216222430.A93098@hal.mpn.cp.philips.com> <xzpempzi7xm.fsf@flood.ping.uio.no> <19981217132343.R68793@follo.net> <xzpk8zp1rcp.fsf@flood.ping.uio.no>
:Eivind Eklund <eivind@yes.no> writes:
:> Can we put DNSSANDBOX (or something like that) in /etc/rc.conf? I
:> would like to make it very, very easy to make it run in a sandbox...
:
:Very easy - just set named_flags to "" instead of "-u bind -g bind".
:
:DES
:--
:Dag-Erling Smorgrav - des@flood.ping.uio.no

Right. It would probably be overkill to implement DNSSANDBOX.
Much easier to simply leave named_flags set to "" for the
next release and put the "-u bind -g bind" mode in a comment.

What we need is a security man page that describes the steps
that can be taken to further secure the machine. I'll
volunteer to get it started :-)

apollo:/> man security
No manual entry for security
--
Did anyone receive my email to hackers/committers in regards to
implementing asleep() & await() ? I haven't gotten a single
response to it! And it ought to have elicited several dozen!
-Matt
Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet
Communications & God knows what else.
<dillon@backplane.com> (Please include original email in any response)
