From owner-freebsd-security  Thu Nov 11 15:46:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id DB42C14F68
	for <security@FreeBSD.ORG>; Thu, 11 Nov 1999 15:46:52 -0800 (PST)
	(envelope-from cy@cschuber.net.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id PAA05713;
	Thu, 11 Nov 1999 15:46:51 -0800
Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com"
 via SMTP by point.osg.gov.bc.ca, id smtpda05711; Thu Nov 11 15:46:49 1999
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.9.3/8.9.1) id PAA65881;
	Thu, 11 Nov 1999 15:46:47 -0800 (PST)
Message-Id: <199911112346.PAA65881@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpds65877; Thu Nov 11 15:46:14 1999
X-Mailer: exmh version 2.1.0 09/18/1999
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-OS: FreeBSD 3.3-RELEASE
X-Sender: cy
To: Brett Glass <brett@lariat.org>
Cc: security@FreeBSD.ORG
Subject: Re: Why not sandbox BIND? 
In-reply-to: Your message of "Thu, 11 Nov 1999 16:10:53 MST."
             <4.2.0.58.19991111160840.042469d0@localhost> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 Nov 1999 15:46:14 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <4.2.0.58.19991111160840.042469d0@localhost>, Brett Glass writes:
> OpenBSD sandboxes BIND, which means that most of the vulnerabilities in the 
> CERT advisory would be moot.
> 
> Should the same be done by default in FreeBSD? There's no reason for BIND 
> to be privileged.

Just put something like the following in named.conf. 

named_flags="-c /usr/local/etc/namedb/named.conf -u named -g named -t /var/named"


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message