Date: Wed, 27 Dec 2006 17:00:19 -0500
From: Skip Ford <skip.ford@verizon.net>
To: "Eugene M. Kim" <freebsd.org@ab.ote.we.lv>
Cc: net@freebsd.org
Subject: Re: BIND running setuid with interface changes
Message-ID: <20061227220019.GA1044@lucy.menantico.com>
In-Reply-To: <4592AED6.4040508@ab.ote.we.lv>
References: <4592AED6.4040508@ab.ote.we.lv>

Eugene M. Kim wrote:
[snip]
> Then, when a new address comes up (such as on a dynamically created L2TP
> tun(4) interface), BIND tries to listen on it, but fails because it is
> running setuid as bind:
>
> Dec 27 02:32:00 home named[1121]: listening on IPv4 interface tun0, 10.0.2.129#53
> Dec 27 02:32:00 home named[1121]: could not listen on UDP socket: permission denied
>
> The only workarounds that I can think of are either to run BIND as setuid
> root, or to restart (not reload) BIND every time a new VPN connection
> comes up, both of which I am not comfortable with.
>
> Any better ideas?

mac_portacl(4)

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-portacl.html

-- 
Skip
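
A sketch of the mac_portacl(4) setup the reply points to, as an added example that is not part of the original message: it lets the unprivileged bind user bind port 53 on interfaces that appear after named has dropped root. It assumes the bind account has uid 53 (check with `id -u bind`) and that no other service depends on the stock reserved-port check.

```conf
# /boot/loader.conf -- load the policy module at boot
mac_portacl_load="YES"

# /etc/sysctl.conf
# Turn off the stock "ports below 1024 need root" check so that
# mac_portacl makes the decision instead.
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0

# Enforce mac_portacl on ports up to 1023; root stays exempt.
security.mac.portacl.enabled=1
security.mac.portacl.port_high=1023
security.mac.portacl.suser_exempt=1

# Rule format is idtype:id:protocol:port, comma separated.
# uid 53 is assumed to be the "bind" user; only port 53 is opened to it.
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53
```

With reservedhigh set to 0, disabling or unloading mac_portacl leaves ports below 1024 bindable by any user, so the two changes should be applied and reverted together.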