From owner-cvs-all  Thu Aug 23 10:57:51 2001
Delivered-To: cvs-all@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0A21237B506; Thu, 23 Aug 2001 10:57:34 -0700 (PDT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from hades.hell.gr (patr530-b078.otenet.gr [195.167.121.206])
	by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id f7NHvTT03173;
	Thu, 23 Aug 2001 20:57:29 +0300 (EEST)
Received: (from charon@localhost)
	by hades.hell.gr (8.11.4/8.11.4) id f7NHPVg02489;
	Thu, 23 Aug 2001 20:25:31 +0300 (EEST)
	(envelope-from keramida@ceid.upatras.gr)
Date: Thu, 23 Aug 2001 20:25:30 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Jun Kuriyama <kuriyama@imgsrc.co.jp>
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
Message-ID: <20010823202530.A2280@hades.hell.gr>
References: <ache@nagual.pp.ru> <20010823174457.A27360@nagual.pp.ru> <200108231413.f7NEDvg71094@hak.lan.Awfulhak.org> <20010823185515.A28168@nagual.pp.ru> <7my9oax1f0.wl@waterblue.imgsrc.co.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <7my9oax1f0.wl@waterblue.imgsrc.co.jp>; from kuriyama@imgsrc.co.jp on Fri, Aug 24, 2001 at 12:04:51AM +0900
X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2
X-URL: http://students.ceid.upatras.gr/~keramida/index.html
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

From: Jun Kuriyama <kuriyama@imgsrc.co.jp>
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
Date: Fri, Aug 24, 2001 at 12:04:51AM +0900

> At Thu, 23 Aug 2001 18:55:15 +0400,
> Andrey A. Chernov <ache@nagual.pp.ru> wrote:
> 
> > If named allows root compromise, better fix named.
> 
> Of course.  But I like safety net like this.  IMHO users who want to
> use root privilege for named should override it by named_flags="" on
> their /etc/rc.conf.

This changes the behavior of rc.conf that some might have, which
depends on named_flags being set to "" by /etc/defaults/rc.conf.

I don't agree to running named in a sandbox by default, but can we, at
least, have a note in UPDATING?  Please?

-giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message