From owner-freebsd-security Thu Nov 11 15:31:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from kithrup.com (kithrup.com [205.179.156.40])
	by hub.freebsd.org (Postfix) with ESMTP id 5FA7514F4D
	for ; Thu, 11 Nov 1999 15:31:09 -0800 (PST)
	(envelope-from sef@kithrup.com)
Received: (from sef@localhost)
	by kithrup.com (8.8.8/8.8.8) id PAA20772;
	Thu, 11 Nov 1999 15:31:08 -0800 (PST)
	(envelope-from sef)
Date: Thu, 11 Nov 1999 15:31:08 -0800 (PST)
From: Sean Eric Fagan
Message-Id: <199911112331.PAA20772@kithrup.com>
To: security@freebsd.org
Reply-To: security@freebsd.org
Subject: Re: Why not sandbox BIND?
In-Reply-To:
References: <4.2.0.58.19991111160840.042469d0@localhost>
Organization: Kithrup Enterprises, Ltd.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In article you write:
>BIND 8.x allows one to chroot() it very easily.

One of the principal bind developers has taken the existing linux
capabilities implementation and run bind under it. He's very happy -- it
runs as root, and yet pretty much can't do anything.

As that feature is useful for _other_ things (think sendmail), I think
that's the direction to go in, really.