From owner-freebsd-security  Thu Nov 11 15:11:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id EB6A914F5C
	for <security@freebsd.org>; Thu, 11 Nov 1999 15:11:07 -0800 (PST)
	(envelope-from brett@lariat.org)
Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id QAA20958
	for <security@freebsd.org>; Thu, 11 Nov 1999 16:10:46 -0700 (MST)
Message-Id: <4.2.0.58.19991111160840.042469d0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Thu, 11 Nov 1999 16:10:53 -0700
To: security@freebsd.org
From: Brett Glass <brett@lariat.org>
Subject: Why not sandbox BIND?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

OpenBSD sandboxes BIND, which means that most of the vulnerabilities in the 
CERT advisory would be moot.

Should the same be done by default in FreeBSD? There's no reason for BIND 
to be privileged.

--Brett



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message