From owner-cvs-all Mon Dec 21 12:12:24 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA16750 for cvs-all-outgoing; Mon, 21 Dec 1998 12:12:24 -0800 (PST) (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA16743; Mon, 21 Dec 1998 12:12:23 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.1/8.9.1) id MAA47267; Mon, 21 Dec 1998 12:12:17 -0800 (PST) (envelope-from dillon)
Date: Mon, 21 Dec 1998 12:12:17 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812212012.MAA47267@apollo.backplane.com>
To: Dag-Erling Smorgrav
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

:Complaints? The naked truth is that it will not work in any but the
:simplest setups, unless you add code to named to temporarily regain
:privs before updating the pid file or rescanning interfaces. Doing so
:will void any security the sandbox may give you, since it will make it
:possible for hypothetical buffer overflow exploits to regain privs.

My estimate is that the sandbox would work just fine on 99% of the FreeBSD installations out there. The basic problem is that Paul Vixie doesn't take sandboxes seriously so he doesn't bother fixing the crappy interface scanning or UDP binding code to allow the use of a single IP. Instead, bind goes out of its way to fart around with interface scanning and rescanning and all sorts of shit that it doesn't need to do.

-Matt
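The disagreement above is about whether a daemon can run in a uid/gid sandbox without ever needing root back. The following is an added example, not code from the thread or from BIND, showing the defender's pattern it implies: do every privileged step (bind the socket, create the pid file) before the drop, then drop privileges so that regaining root is impossible, which is what makes the sandbox worth anything against a memory-corruption bug. The port, pid-file path and helper names are assumptions chosen for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Everything that needs root happens here, before any privilege is dropped:
 * the listening socket is bound (port 53 needs root) and the pid file is
 * written. The daemon keeps the socket open afterwards and so never has to
 * become root again. Returns the socket fd, or -1 on error. */
int privileged_setup(unsigned short port, const char *pidfile) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) != 0) { close(fd); return -1; }
    int pfd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (pfd < 0) { close(fd); return -1; }
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (write(pfd, buf, (size_t)n) != n) { close(pfd); close(fd); return -1; }
    close(pfd);
    return fd;
}

/* Irrevocably drop to uid/gid. Order matters: supplementary groups first
 * (only possible while root), then gid, then uid. Returns 0 only if a later
 * attempt to become root again fails, i.e. the drop is permanent. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && (setuid(0) == 0 || geteuid() == 0)) return -1;
    return 0;
}

/* 1 if this process can no longer regain root; the pid file and interface
 * rescans then have to work without it (reuse open descriptors, or use
 * paths writable by the sandbox user) rather than re-escalating. */
int privileges_are_dropped(void) {
    return geteuid() != 0 && setuid(0) != 0;
}
```

Run as root the setup would use port 53 and a uid such as `bind`; as an unprivileged user it still demonstrates the ordering with a high port and the caller's own uid.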