Date:      Thu, 23 Aug 2001 21:21:30 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Mike Silbersack <silby@silby.com>
Cc:        Brian Somers <brian@Awfulhak.org>, Matt Dillon <dillon@earth.backplane.com>, Chris Dillon <cdillon@wolves.k12.mo.us>, "Andrey A. Chernov" <ache@nagual.pp.ru>, Jun Kuriyama <kuriyama@imgsrc.co.jp>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, brian@freebsd-services.com, brian@freebsd-services.com
Subject:   Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf 
Message-ID:  <200108232021.f7NKLUg86106@hak.lan.Awfulhak.org>
In-Reply-To: Message from Mike Silbersack <silby@silby.com>  of "Thu, 23 Aug 2001 14:19:21 EDT." <Pine.BSF.4.30.0108231414260.29579-100000@niwun.pair.com> 

> On Thu, 23 Aug 2001, Brian Somers wrote:
> 
> > >     As long as people follow the instructions when setting up secondaries,
> > >     the sandbox will 'just work'.  I think this is doable and reasonable,
> > >     and I also think that since -stable is going to be with us for a long time
> > >     we should seriously consider MFCing these changes.
> >
> > I'd have to object to any such MFC.  It'll break people's name servers
> > and that's unacceptable in -stable.
> 
> Ok, how about if a more relaxed approach is taken:
> 
> 1.  Sandboxing becomes default in -current.

I can live with that (although I don't agree with it).  -current 
users should be paying attention and should be smart enough to fix 
their /etc/rc.conf.  People upgrading a major release (4 -> 5) should 
also be very careful.

> 2.  rc.conf is amended with some fancy shell scripting that mails root and
> says "You're not using sandboxing!  Read this url and figure it out, it
> will be the default in 4.5"

So anybody that wants named to run as root so that it can bind to 
addresses that are configured after named has started gets to suffer 
these emails?

Are you saying that *you* know better than the person running a given 
machine?  I think not.

> 3.  Sandboxing becomes default in 4.5.

I'll say it again.  DOING THIS WILL BREAK EXISTING CONFIGURATIONS.  
We don't do that in -stable.  If we did, it wouldn't be stable.

> I'm sure this would annoy some people, but it would be a good step forward
> in proactive security.

Saying that it would annoy people is an understatement.  Your regular 
user will not be pleased when they upgrade their system, run 
mergemaster (replacing defaults/rc.conf without looking at the diffs) 
and then reboot, later to find that named has stopped running.  Maybe 
they'll notice before their businesses have lost email and failed to 
provide services that they're contractually obliged to supply?

> The only problem I see is that I'm terrible at shell scripting, someone
> else would have to do the above. :)

Good, I'm glad you're not going to do this.

> Mike "Silby" Silbersack

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>


