Date: Thu, 23 Aug 2001 22:46:00 +0100
From: Brian Somers <brian@Awfulhak.org>
To: Mike Silbersack <silby@silby.com>
Cc: Brian Somers <brian@Awfulhak.org>, Matt Dillon <dillon@earth.backplane.com>,
    Chris Dillon <cdillon@wolves.k12.mo.us>, "Andrey A. Chernov" <ache@nagual.pp.ru>,
    Jun Kuriyama <kuriyama@imgsrc.co.jp>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG,
    brian@freebsd-services.com, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
Message-ID: <200108232146.f7NLk1g88405@hak.lan.Awfulhak.org>
In-Reply-To: Message from Mike Silbersack <silby@silby.com> of "Thu, 23 Aug 2001 17:18:32 EDT." <Pine.BSF.4.30.0108231705050.76401-100000@niwun.pair.com>

>
> On Thu, 23 Aug 2001, Brian Somers wrote:
>
> > > 2. rc.conf is amended with some fancy shell scripting that mails root and
> > > says "You're not using sandboxing! Read this url and figure it out, it
> > > will be the default in 4.5"
> >
> > So anybody that wants named to run as root so that it can bind to
> > addresses that are configured after named has started gets to suffer
> > these emails ?
> >
> > Are you saying that *you* know better than the person running a given
> > machine ? I think not.
>
> I think that anyone running BIND as root deserves to know the risk they're
> putting themselves in. Look at BIND 8's history and tell me that it's a
> completely safe application to run as root. When protection against being
> rooted is this easy, people should be using it.

And how do you know that person is running bind8 ? Are you going to
interrogate $named_program now too ?

> The case of running a dns server on dynamic interfaces is irrelevant.
> Such a server would be useless anyway, since nobody could find it. Maybe
> there's one or two people who have some really weird situation which
> requires such a setup, but I'm sure that's a really small amount of
> people.

I'd say this is fairly common:

    query-source address * port 53;

Running a ppp server and offering the local interface address as a
nameserver may be common too - I don't know and neither do you.

But this is a dumb strawman. You should not be trying to dictate
policy over configurations you know nothing about. Sending email to
people saying that they should be running named as non-root is just
ludicrous.

> Clearly it's not going to be easy to set the defaults to use bind:bind
> without breaking some configurations. However, this is something that
> _should_ be done.

This (damage) has already been done in -current. I am saying that doing
this in -stable -- breaking people's existing configurations -- is an
exercise that will make the FreeBSD project look like idiots, and I
won't subscribe to that idea.

Why are people so eager to shove these changes down the throats of
the unsuspecting masses running -stable ? Is everyone trying to
scare away our user base ?

> This would be a much more productive conversation if
> you could put forward some ideas on how to make the transition as painless
> as possible.

If I subscribed to the idea, I would suggest a way forward. The
painless option is to back out what's been done so far and for
people to think about and test what they're going to do before
doing it.

> Mike "Silby" Silbersack
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
