From owner-freebsd-security Fri Nov 12 9:25:14 1999
Message-Id: <4.2.0.58.19991112102309.045abf00@localhost>
Date: Fri, 12 Nov 1999 10:24:44 -0700
To: Bill Fumerola
From: Brett Glass
Subject: Re: Why not sandbox BIND?
Cc: Cy Schubert - ITSD Open Systems Group, security@FreeBSD.ORG
References: <4.2.0.58.19991111220759.044f46d0@localhost>

Our production systems are running an older version of FreeBSD (we always
stay a bit behind the leading edge), so they do not have that user.

--Brett

At 09:22 AM 11/12/1999 -0500, Bill Fumerola wrote:
>On Thu, 11 Nov 1999, Brett Glass wrote:
>
> > I assume you mean rc.conf, not named.conf.
> >
> > In any case, maybe there should be a "sandbox BIND" flag in rc.conf
> > that selects a sandboxed configuration and is on by default.
> > Also, it'd be nice to have the user "named" already in /etc/passwd
> > and ready to go.
>
>bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
>
>You mean like that in src/etc/master.passwd?
>
>--
>- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
>- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org -