From: Mike Silbersack
Date: Thu, 23 Aug 2001 17:18:32 -0400 (EDT)
To: Brian Somers
Cc: Matt Dillon, Chris Dillon, "Andrey A. Chernov", Jun Kuriyama
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
In-Reply-To: <200108232021.f7NKLUg86106@hak.lan.Awfulhak.org>
Sender: owner-cvs-all@FreeBSD.ORG

On Thu, 23 Aug 2001, Brian Somers wrote:

> > 2. rc.conf is amended with some fancy shell scripting that mails root and
> > says "You're not using sandboxing! Read this url and figure it out, it
> > will be the default in 4.5"
>
> So anybody that wants named to run as root so that it can bind to
> addresses that are configured after named has started gets to suffer
> these emails ?
>
> Are you saying that *you* know better than the person running a given
> machine ? I think not.

I think that anyone running BIND as root deserves to know the risk they're putting themselves in. Look at BIND 8's history and tell me that it's a completely safe application to run as root. When protection against being rooted is this easy, people should be using it.

The case of running a dns server on dynamic interfaces is irrelevant. Such a server would be useless anyway, since nobody could find it. Maybe there's one or two people who have some really weird situation which requires such a setup, but I'm sure that's a really small amount of people.

Clearly it's not going to be easy to set the defaults to use bind:bind without breaking some configurations. However, this is something that _should_ be done.

This would be a much more productive conversation if you could put forward some ideas on how to make the transition as painless as possible.

Mike "Silby" Silbersack
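
A check of the kind the quoted proposal describes, as an added example that is not part of the original message or of FreeBSD's rc scripts: it reports whether an rc.conf-style file would start named as root. It assumes the rc.conf variables named_enable and named_flags and BIND 8's -u (user) and -g (group) options; the function name and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify how an rc.conf-style file would start named.
# Prints "disabled", "root", or "sandboxed:<user>".

named_sandbox_status() {
    # Source in a subshell so the file's variables do not leak into the caller.
    # rc.conf is shell syntax, so sourcing also honours later overrides.
    (
        named_enable="NO"
        named_flags=""
        . "$1" || exit 2
        case "$named_enable" in
            [Yy][Ee][Ss]) ;;
            *) echo "disabled"; exit 0 ;;
        esac
        user=""
        want_user=0
        for word in $named_flags; do
            if [ "$want_user" -eq 1 ]; then
                user="$word"; want_user=0; continue
            fi
            case "$word" in
                -u)  want_user=1 ;;            # "-u bind"
                -u*) user="${word#-u}" ;;      # "-ubind"
            esac
        done
        # No -u at all, or an explicit root user, both mean named keeps root.
        case "$user" in
            ""|root|0) echo "root" ;;
            *)         echo "sandboxed:$user" ;;
        esac
    )
}

# Constructed sample configurations (not from the original message).
demo_dir=$(mktemp -d)
printf 'named_enable="YES"\n' > "$demo_dir/unsandboxed.conf"
printf 'named_enable="YES"\nnamed_flags="-u bind -g bind"\n' > "$demo_dir/sandboxed.conf"
for f in "$demo_dir"/*.conf; do
    echo "$(basename "$f"): $(named_sandbox_status "$f")"
done
rm -rf "$demo_dir"
```

A periodic job could mail root only when the result is `root`, which leaves administrators who deliberately run named as root free to silence that one job.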