Date: Fri, 2 Feb 2001 10:27:17 +0200 (EET)
From: Domas Mituzas <domas.mituzas@delfi.lt>
To: stable@freebsd.org
Subject: our BIND jail implementation
Message-ID: <Pine.BSF.4.21.0102021016100.2984-100000@axis.tdd.lt>
Hi,

I saw a lot of discussions about implementing a secure (or just sandboxed) bind solution. We had an approach of building bind in such a manner that it was most secure. Security breaches could happen both from administrative user access and from insecure software. Therefore, we've got a jail with two users - dnsadmin and bind. Both of them are in the bind group (actually I was laughing out loud when I saw the uid and gid of the bind user (53:53 - perfect! :)

Therefore we built a chroot sandbox for the jail with such a tree:

/           - 750 root:bind
run/        - bind:bind 750       pids, log sockets, temporary zone transfer files, etc
slave/      - bind:bind 750       slave zone cache files
data/       - dnsadmin:bind 750   master zone data
admin/      - ~dnsadmin dnsadmin:bind 700
log/        - bind:bind 750
named.conf  - dnsadmin:bind 640
named-xfer  - root:bind 750

Of course, it's necessary to tweak pathnames.h, so dns would find the exact locations. named-xfer was a statically linked binary, which put temporary transfers in run/. ndc was tweaked to find the control socket in $BINDROOT/run/ndc. Moreover, the control socket was made to be bind:bind 660, so a regular zone administrator could do a simple zone reload. Logs were configured to be put in logs/ with special size restrictions.

Ah, and the last thing I forgot to mention - it works! :)

Domas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
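A check for the layout described in the message, added here as an example; it is not part of the original post and not code from BIND or FreeBSD. It compares a chroot tree against the owners and modes listed above, including the control socket at run/ndc; the names `LAYOUT`, `name_of` and `audit` are hypothetical.

```python
import grp
import os
import pwd
import stat
import sys

# Expected layout from the message: path relative to the chroot -> (owner, group, mode).
LAYOUT = {
    ".":          ("root",     "bind", 0o750),
    "run":        ("bind",     "bind", 0o750),
    "slave":      ("bind",     "bind", 0o750),
    "data":       ("dnsadmin", "bind", 0o750),
    "admin":      ("dnsadmin", "bind", 0o700),
    "log":        ("bind",     "bind", 0o750),
    "named.conf": ("dnsadmin", "bind", 0o640),
    "named-xfer": ("root",     "bind", 0o750),
    "run/ndc":    ("bind",     "bind", 0o660),  # control socket, exists while named runs
}

def name_of(lookup, ident):
    """Resolve a uid/gid to its name; fall back to the number if it has no entry."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def audit(root, layout=LAYOUT):
    """Return (path, problem) tuples for every deviation from the layout."""
    findings = []
    for rel, (owner, group, mode) in layout.items():
        try:
            st = os.lstat(os.path.join(root, rel))  # lstat: never follow symlinks
        except FileNotFoundError:
            findings.append((rel, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "symlink, target not checked"))
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            kind = "too permissive" if actual & ~mode else "differs"
            findings.append((rel, f"mode {actual:04o} {kind}, expected {mode:04o}"))
        have = f"{name_of(pwd.getpwuid, st.st_uid)}:{name_of(grp.getgrgid, st.st_gid)}"
        if have != f"{owner}:{group}":
            findings.append((rel, f"owner {have}, expected {owner}:{group}"))
    return findings

if __name__ == "__main__":
    print(*audit(sys.argv[1]), sep="\n")
```

Run it with the chroot path as the only argument; an empty result means the tree matches the layout.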