Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 23 Aug 2001 10:47:25 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Mike Silbersack <silby@silby.com>
Cc:        Chris Dillon <cdillon@wolves.k12.mo.us>, Brian Somers <brian@Awfulhak.org>, "Andrey A. Chernov" <ache@nagual.pp.ru>, Jun Kuriyama <kuriyama@imgsrc.co.jp>, <cvs-committers@FreeBSD.ORG>, <cvs-all@FreeBSD.ORG>, <brian@freebsd-services.com>
Subject:   Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf 
Message-ID:  <200108231747.f7NHlP787945@earth.backplane.com>
References:   <Pine.BSF.4.30.0108231307280.29579-100000@niwun.pair.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

:If the default behavior is not changed, and another hole is found in BIND,
:thousands of boxes will be easily rootable.  At this point in time, the
:many users of BIND will not be really happy when the advisory says "We
:told you to sandbox it in rc.conf!"
:
:So, the question in my mind isn't whether this change will break modem
:users; that's easy enough to fix and has a minimal impact.  The question
:is:  will enabling sandboxing potentially break systems which act as
:secondaries when they try to grab updated zones?  _That_ would be a
:serious problem.
:
:Mike "Silby" Silbersack

    Long ago I added comments to named.conf basically telling people how
    to setup a secondaries directory (owned by bind:bind).  Note that
    under no circumstances should /etc/namedb itself or any files in 
    the top level of /etc/nameddb ever be owned by bind or writable by
    group bind.  Not ever.

    At the moment the creation of /etc/namedb/s in
    /usr/src/etc/mtree/BSD.root.dist is commented out.  I would recommend
    uncommenting this so the normal installworld process creates 
    /etc/namedb/s properly.  By now the default 'bind' user and group, which
    I added a long time ago, should be in everyone's passwd and group files.

    As long as people follow the instructions when setting up secondariese,
    the sandbox will 'just work'.  I think this is doable and reasonable,
    and I also think that since -stable is going to be with us for a long time
    we should seriously consider MFCing these changes.

						-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108231747.f7NHlP787945>