Date: Thu, 1 Feb 2001 11:02:23 -0800 (PST) From: gabriel_ambuehl@buz.ch To: freebsd-gnats-submit@FreeBSD.org Subject: misc/24784: Why isn't bind always running as -u bind -g bind Message-ID: <200102011902.f11J2Ng04677@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 24784 >Category: misc >Synopsis: Why isn't bind always running as -u bind -g bind >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: wish >Submitter-Id: current-users >Arrival-Date: Thu Feb 01 11:10:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Gabriel Ambuehl >Release: 4.2 STABLE >Organization: >Environment: >Description: I've been wondering why bind isn't run as user bind group bind by default. I mean it's widely known that this isn't the most secure piece of software outthere so I'd say it really make sense to run it with the least permissions possible. /etc/defaults/rc.conf got the corresponding line commented out in favor of a normal running bind... >How-To-Repeat: Wait for the exploits to see why I mention this. >Fix: Kill the comment before #named_flags="-u bind -g bind" # Flags for named in /etc/defaults/rc.conf >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102011902.f11J2Ng04677>