From owner-freebsd-questions Wed Apr 18 17: 6:22 2001 Delivered-To: freebsd-questions@freebsd.org Received: from nisser.com (c0039.upc-c.chello.nl [212.187.0.39]) by hub.freebsd.org (Postfix) with ESMTP id 0FCA637B422 for ; Wed, 18 Apr 2001 17:06:19 -0700 (PDT) (envelope-from roelof@nisser.com) Received: from nisser.com (roelof [10.0.0.2]) by nisser.com (8.9.3/8.9.2) with ESMTP id CAA38422; Thu, 19 Apr 2001 02:06:15 +0200 (CEST) (envelope-from roelof@nisser.com) Message-ID: <3ADE2BF7.9F0FD3DD@nisser.com> Date: Thu, 19 Apr 2001 02:06:15 +0200 From: Roelof Osinga Organization: Nisser - Nr. 1 in Veiligheid X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: PoushkovaG Cc: questions@FreeBSD.ORG Subject: Re: security & use References: <000501c0c81b$3eb81ee0$c118a8c0@INT.NIIAO.COM> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG PoushkovaG wrote: > > I have Free BSD 3.4 release, is this release relable for use as post > server & internet gateway, > is 'sendmail' & 'named' from it, good choice, why 'named' have options for > change UID & GID, > is above problem only computer with multi user, so on computer is only I > most of problem security is unmeaning. Well, it's reliable enough allright. But there are some security leaks in it. You should really start patching it up in places, like, say, BIND and stuff. BIND or named has a nice option to have it run in a sandbox, i.e. run it chroot'ed as bind:bind. Works fine, just make sure you've put the PID file in a readable place. It helps frustrate crackers ;). Roelof To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message