From owner-freebsd-stable Sun Jan 6 11:24:15 2002 Delivered-To: freebsd-stable@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84]) by hub.freebsd.org (Postfix) with ESMTP id D5A1C37B400 for ; Sun, 6 Jan 2002 11:24:08 -0800 (PST) Received: from user-33qtnuo.dialup.mindspring.com ([199.174.223.216] helo=gohan.cjclark.org) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16NIto-00013M-00; Sun, 06 Jan 2002 11:24:06 -0800 Received: (from cjc@localhost) by gohan.cjclark.org (8.11.6/8.11.1) id g06JNlo00777; Sun, 6 Jan 2002 11:23:47 -0800 (PST) (envelope-from cjc) Date: Sun, 6 Jan 2002 11:23:45 -0800 From: "Crist J. Clark" To: Joe Abley Cc: Haikal Saadh , stable@FreeBSD.ORG Subject: Re: Chrooted bind out of the box Message-ID: <20020106112345.B237@gohan.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <000001c195b1$db087880$41c801ca@warhawk> <20020105140846.D204@gohan.cjclark.org> <20020105222558.A95067@buffoon.automagic.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020105222558.A95067@buffoon.automagic.org>; from jabley@automagic.org on Sat, Jan 05, 2002 at 10:26:01PM -0500 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Jan 05, 2002 at 10:26:01PM -0500, Joe Abley wrote: > On Sat, Jan 05, 2002 at 02:08:46PM -0800, Crist J. Clark wrote: > > On Sat, Jan 05, 2002 at 11:26:00AM +0500, Haikal Saadh wrote: > > > Is there a reason why bind is run as root by default and not bind.bind? > > > And not chrooted? > > > > > > If I'm not mistaken almost everyone does this anyway, right? > > > > IIRC, the last time it was discussed, it was felt changing this in the > > middle of -STABLE would be too disruptive. Many working BIND > > installations would break when people updated. > > Why not create a named_chroot variable in defaults/rc.conf which > is by default set to NO, but which sysinstall can override in > /etc/rc.conf with a YES for fresh (non-upgrade) installs? /etc/defaults/rc.conf are the defaults. Not everyone makes a new system with sysinstall(8), and having sysinstall(8) put new and unexpected things in rc.conf is in itself a POLA vilolation. I was talking more about running named(8) as bind:bind. Chrooting has other issues, you need to actually build a chroot environment somewhere and decide what to put in it, and you still need to run as bind:bind for chrooting to be much of a security measure. Running named(8) as bind:bind by default is easiest done by changing the named_bind flags. As I said, changing the default would break stuff, but if you look at /etc/defaults/rc.conf in -STABLE, named_flags="" # Flags for named #named_flags="-u bind -g bind" # Flags for named So the hint is already there. And if you look at -CURRENT, named_flags="-u bind -g bind" # Flags for named It already runs that way by default. But if you really want to be clever, you should run named(8) in a jail(8). -- "It's always funny until someone gets hurt. Then it's hilarious." Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message