From owner-cvs-all  Mon Dec 21 12:12:24 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA16750
          for cvs-all-outgoing; Mon, 21 Dec 1998 12:12:24 -0800 (PST)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA16743;
          Mon, 21 Dec 1998 12:12:23 -0800 (PST)
          (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.1/8.9.1) id MAA47267;
	Mon, 21 Dec 1998 12:12:17 -0800 (PST)
	(envelope-from dillon)
Date: Mon, 21 Dec 1998 12:12:17 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199812212012.MAA47267@apollo.backplane.com>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk


:Complaints? The naked truth is that it will not work in any but the
:simplest setups, unless you add code to named to temporarily regain
:privs before updating the pid file or rescanning interfaces. Doing so
:will void any security the sandbox may give you, since it will make it
:possible for hypothetical buffer overflow exploits to regain privs.

    My estimate is that the sandbox would work just fine on 99% of the 
    FreeBSD installations out there.  The basic problem is that Paul Vixie
    doesn't take sandboxes seriously so he doesn't bother fixing the crappy
    interface scanning or UDP binding code to allow the use of a single IP.
    Instead, bind goes out of its way to fart around with interface scanning
    and rescanning and all sorts of shit that it doesn't need to do.

						-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message