Date: Thu, 23 Aug 2001 18:55:15 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Brian Somers <brian@Awfulhak.org> Cc: Jun Kuriyama <kuriyama@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@freebsd-services.com Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf Message-ID: <20010823185515.A28168@nagual.pp.ru> In-Reply-To: <200108231413.f7NEDvg71094@hak.lan.Awfulhak.org> References: <ache@nagual.pp.ru> <20010823174457.A27360@nagual.pp.ru> <200108231413.f7NEDvg71094@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 23, 2001 at 15:13:57 +0100, Brian Somers wrote: > > On Thu, Aug 23, 2001 at 06:34:46 -0700, Jun Kuriyama wrote: > > > kuriyama 2001/08/23 06:34:46 PDT > > > > > > Modified files: > > > etc/defaults rc.conf > > > etc/mtree BSD.var.dist > > > etc/namedb named.conf > > > Log: > > > Invoke named with privilege of bind:bind. > > > Change pidfile location to /var/run/named/pid. > > > > Is it discussed or I miss something? We already have an option to run it > > in bind sandbox, but as non-default option. Some functions not works in > > bind sandbox, I don't remember exactly at this moment. > > named won't be able to listen on interface addresses that are not > configured when named is invoked. This can break name services on a > dialup server quite badly. Yes, exact this thing. > I think this change should be reverted. I too. If named allows root compromise, better fix named. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010823185515.A28168>