From owner-cvs-all  Thu Aug 23 10:50:26 2001
Delivered-To: cvs-all@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0827937B40D; Thu, 23 Aug 2001 10:50:17 -0700 (PDT)
	(envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.4/8.11.2) id f7NHlP787945;
	Thu, 23 Aug 2001 10:47:25 -0700 (PDT)
	(envelope-from dillon)
Date: Thu, 23 Aug 2001 10:47:25 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200108231747.f7NHlP787945@earth.backplane.com>
To: Mike Silbersack <silby@silby.com>
Cc: Chris Dillon <cdillon@wolves.k12.mo.us>,
	Brian Somers <brian@Awfulhak.org>,
	"Andrey A. Chernov" <ache@nagual.pp.ru>,
	Jun Kuriyama <kuriyama@imgsrc.co.jp>, <cvs-committers@FreeBSD.ORG>,
	<cvs-all@FreeBSD.ORG>, <brian@freebsd-services.com>
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist
 src/etc/namedb named.conf 
References:  <Pine.BSF.4.30.0108231307280.29579-100000@niwun.pair.com>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

:If the default behavior is not changed, and another hole is found in BIND,
:thousands of boxes will be easily rootable.  At this point in time, the
:many users of BIND will not be really happy when the advisory says "We
:told you to sandbox it in rc.conf!"
:
:So, the question in my mind isn't whether this change will break modem
:users; that's easy enough to fix and has a minimal impact.  The question
:is:  will enabling sandboxing potentially break systems which act as
:secondaries when they try to grab updated zones?  _That_ would be a
:serious problem.
:
:Mike "Silby" Silbersack

    Long ago I added comments to named.conf basically telling people how
    to setup a secondaries directory (owned by bind:bind).  Note that
    under no circumstances should /etc/namedb itself or any files in 
    the top level of /etc/nameddb ever be owned by bind or writable by
    group bind.  Not ever.

    At the moment the creation of /etc/namedb/s in
    /usr/src/etc/mtree/BSD.root.dist is commented out.  I would recommend
    uncommenting this so the normal installworld process creates 
    /etc/namedb/s properly.  By now the default 'bind' user and group, which
    I added a long time ago, should be in everyone's passwd and group files.

    As long as people follow the instructions when setting up secondariese,
    the sandbox will 'just work'.  I think this is doable and reasonable,
    and I also think that since -stable is going to be with us for a long time
    we should seriously consider MFCing these changes.

						-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message