Date: Fri, 18 Dec 1998 11:51:11 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Eivind Eklund <eivind@yes.no>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, Jos Backus <Jos.Backus@nl.origin-it.com>, committers@FreeBSD.ORG
Subject: Re: Bind sandbox bogosity
Message-ID: <199812181951.LAA04753@apollo.backplane.com>
References: <xzpvhjembb6.fsf@flood.ping.uio.no> <19981216222430.A93098@hal.mpn.cp.philips.com> <xzpempzi7xm.fsf@flood.ping.uio.no> <19981217132343.R68793@follo.net> <xzpk8zp1rcp.fsf@flood.ping.uio.no>

:Eivind Eklund <eivind@yes.no> writes:
:> Can we put DNSSANDBOX (or something like that) in /etc/rc.conf? I
:> would like to make it very, very easy to make it run in a sandbox...
:
:Very easy - just set named_flags to "" instead of "-u bind -g bind".
:
:DES
:--
:Dag-Erling Smorgrav - des@flood.ping.uio.no

Right. It would probably be overkill to implement DNSSANDBOX. Much easier
to simply leave named_flags set to "" for the next release and put the
"-u bind -g bind" mode in a comment.

What we need is a security man page that describes the steps that can
be taken to further secure the machine. I'll volunteer to get it started :-)

apollo:/> man security
No manual entry for security

--
Did anyone receive my email to hackers/committers in regards to
implementing asleep() & await() ? I haven't gotten a single response to
it! And it ought to have elicited several dozen!

-Matt

Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet Communications & God knows what else.
<dillon@backplane.com> (Please include original email in any response)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message