From owner-freebsd-security Fri Nov 12 7:21:13 1999 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 7357414DFC for ; Fri, 12 Nov 1999 07:21:05 -0800 (PST) (envelope-from billf@chc-chimes.com) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 3DDB61C4D; Fri, 12 Nov 1999 09:22:52 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by jade.chc-chimes.com (Postfix) with ESMTP id 3AA523836; Fri, 12 Nov 1999 09:22:52 -0500 (EST) Date: Fri, 12 Nov 1999 09:22:52 -0500 (EST) From: Bill Fumerola To: Brett Glass Cc: Cy Schubert - ITSD Open Systems Group , security@FreeBSD.ORG Subject: Re: Why not sandbox BIND? In-Reply-To: <4.2.0.58.19991111220759.044f46d0@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 11 Nov 1999, Brett Glass wrote: > I assume you mean rc.conf, not named.conf. > > In any case, maybe there should be a "sandbox BIND" flag in rc.conf > that selects a sandboxed configuration and is on by default. > Also, it'd be nice to have the user "named" already in /etc/passwd > and ready to go. bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin You mean like that in src/etc/master.passwd? -- - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message