From owner-freebsd-security Sun Jul 25 22: 4:32 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id BDA2D151C9 for ; Sun, 25 Jul 1999 22:04:30 -0700 (PDT) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id WAA42888; Sun, 25 Jul 1999 22:02:19 -0700 (PDT) (envelope-from dillon)
Date: Sun, 25 Jul 1999 22:02:19 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199907260502.WAA42888@apollo.backplane.com>
To: Mike Hoskins
Cc: Sue Blake, security@FreeBSD.ORG
Subject: Re: sandbox??
References:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:I run BIND in a sandbox on my 3.2-R and 4.0-C systems and it works great.
:Rather than setting up a non-standard chroot() area I just kept
:/etc/namedb around, did a 'chgrp bind /etc/namedb', 'chmod 774
:/etc/namedb', and added a 'pid-file "/etc/namedb/named.pid";' entry to
:named.conf so named wouldn't need access to /var/run.
:
:Mike Hoskins
:

Ouch, I wouldn't do that! Leave the files and directories that named only reads owned by root and modes 644 or 755. Only files and directories that named *writes* need to be owned by the sandbox... that usually means the secondary zone directory, which I usually create a subdirectory for.

For the same reason, named and its support binaries should be owned by root even if run as user bind.

-Matt
Matthew Dillon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
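
The ownership layout recommended in the reply above can be checked mechanically. The following is an added example, not part of the original message: `audit_namedb`, `demo` and the subdirectory name `s` are hypothetical, and the demo uses the current user in place of root so that it runs unprivileged on a constructed tree.

```shell
#!/bin/sh
# audit_namedb DIR TRUSTED_OWNER WRITABLE_SUBDIR
# Print every path under DIR, outside DIR/WRITABLE_SUBDIR, that an account
# other than TRUSTED_OWNER could modify: not owned by TRUSTED_OWNER, or
# writable by group or by others. Symlinks are skipped because their own
# mode bits carry no meaning. No output means the layout is as advised.
audit_namedb() {
    dir=$1 owner=$2 sub=$3
    find "$dir" -path "$dir/$sub" -prune -o \
        ! -type l \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# Constructed demo tree (assumption: "s" stands for the secondary zone
# subdirectory, the only place the sandboxed named has to write).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/namedb/s"
    : > "$d/namedb/named.conf"
    : > "$d/namedb/s/example.zone"
    chmod 644 "$d/namedb/named.conf"

    # Layout from the quoted message: the whole directory is group-writable,
    # so the sandbox group can replace named.conf by rename.
    chmod 774 "$d/namedb"
    echo "774 on namedb, flagged paths:"
    audit_namedb "$d/namedb" "$(id -u)" s

    # Layout from the reply: read-only parts 755/644, only "s" is writable.
    chmod 755 "$d/namedb"
    echo "755 on namedb, flagged paths:"
    audit_namedb "$d/namedb" "$(id -u)" s

    rm -rf "$d"
}

demo
```

On a real host the second argument would be `root` and the third the actual secondary zone subdirectory.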