From owner-cvs-all Thu Aug 23 13:21:46 2001
Message-Id: <200108232021.f7NKLUg86106@hak.lan.Awfulhak.org>
To: Mike Silbersack
Cc: Brian Somers, Matt Dillon, Chris Dillon, "Andrey A. Chernov", Jun Kuriyama, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, brian@freebsd-services.com, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
In-Reply-To: Message from Mike Silbersack of "Thu, 23 Aug 2001 14:19:21 EDT."
Date: Thu, 23 Aug 2001 21:21:30 +0100
From: Brian Somers

> On Thu, 23 Aug 2001, Brian Somers wrote:
>
> > > As long as people follow the instructions when setting up secondaries,
> > > the sandbox will 'just work'. I think this is doable and reasonable,
> > > and I also think that since -stable is going to be with us for a long time
> > > we should seriously consider MFCing these changes.
> >
> > I'd have to object to any such MFC. It'll break people's name servers
> > and that's unacceptable in -stable.
>
> Ok, how about if a more relaxed approach is taken:
>
> 1. Sandboxing becomes default in -current.

I can live with that (although I don't agree with it). -current users
should be paying attention and should be smart enough to fix their
/etc/rc.conf. People upgrading a major release (4 -> 5) should also
be very careful.

> 2. rc.conf is amended with some fancy shell scripting that mails root and
> says "You're not using sandboxing! Read this url and figure it out, it
> will be the default in 4.5"

So anybody that wants named to run as root so that it can bind to
addresses that are configured after named has started gets to suffer
these emails ? Are you saying that *you* know better than the person
running a given machine ? I think not.

> 3. Sandboxing becomes default in 4.5.

I'll say it again. DOING THIS WILL BREAK EXISTING CONFIGURATIONS.
We don't do that in -stable. If we did, it wouldn't be stable.

> I'm sure this would annoy some people, but it would be a good step forward
> in proactive security.

Saying that it would annoy people is an understatement. Your regular
user will not be pleased when they upgrade their system, run
mergemaster (replacing defaults/rc.conf without looking at the diffs)
and then reboot, later to find that named has stopped running. Maybe
they'll notice before their businesses have lost email and failed to
provide services that they're contractually obliged to supply ?

> The only problem I see is that I'm terrible at shell scripting, someone
> else would have to do the above. :)

Good, I'm glad you're not going to do this.

> Mike "Silby" Silbersack

-- 
Brian
http://www.freebsd-services.com/
Don't _EVER_ lose your sense of humour !