Date: Thu, 11 Nov 1999 15:46:14 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: Why not sandbox BIND? Message-ID: <199911112346.PAA65881@cwsys.cwsent.com> In-Reply-To: Your message of "Thu, 11 Nov 1999 16:10:53 MST." <4.2.0.58.19991111160840.042469d0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <4.2.0.58.19991111160840.042469d0@localhost>, Brett Glass writes:
> OpenBSD sandboxes BIND, which means that most of the vulnerabilities in the
> CERT advisory would be moot.
>
> Should the same be done by default in FreeBSD? There's no reason for BIND
> to be privileged.
Just put something like the following in named.conf.
named_flags="-c /usr/local/etc/namedb/named.conf -u named -g named -t /var/named"
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Sun/DEC Team, UNIX Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Province of BC
"e**(i*pi)+1=0"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911112346.PAA65881>