From owner-freebsd-security  Mon Jun  1 15:09:09 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA20278
          for freebsd-security-outgoing; Mon, 1 Jun 1998 15:09:09 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from nemesis.psionic.com (nemesis.bipolar.net [209.30.119.58])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA20254
          for <freebsd-security@FreeBSD.ORG>; Mon, 1 Jun 1998 15:09:01 -0700 (PDT)
          (envelope-from crowland@psionic.com)
Received: (from maildrop@localhost)
	by nemesis.psionic.com  id RAA00345;
	Mon, 1 Jun 1998 17:09:31 -0500 (CDT)
X-Authentication-Warning: nemesis.psionic.com: maildrop set sender to <crowland@psionic.com> using -f
Received: from dolemite.bipolar.net(209.30.119.59) by nemesis via smap (V2.0)
	id xma003614; Mon, 1 Jun 98 17:09:22 -0500
Date: Mon, 1 Jun 1998 17:08:37 -0400 (EDT)
From: "Craig H. Rowland" <crowland@psionic.com>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
cc: Ollivier Robert <roberto@keltia.freenix.fr>, freebsd-security@FreeBSD.ORG
Subject: Re: /usr/sbin/named
In-Reply-To: <19980601230226.36699@deepo.prosa.dk>
Message-ID: <Pine.LNX.3.96.980601170112.3784B-100000@dolemite.psionic.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id PAA20262
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I was originally under this impression as well and have seen
patches for Linux that do this. Does anyone know what procedures are
required to do this if it is built in? I also remember reading about this
feature with FreeBSD as well but can't recall where. If anyone has this
information I'd love to hear about it so I can update my document.

Thanks for any pointers..

-- Craig


On Mon, 1 Jun 1998, Philippe Regnauld wrote:

> Craig H. Rowland writes:
> > 
> > I have a web page up that describes how to run BIND 8.x under a chroot()
> > environment under OpenBSD 2.x. A lot of the information should apply to
> > FreeBSD as well. Here is the URL:
> > 
> > http://www.psionic.com/papers/dns.html
> 
> 	Didn't OpenBSD go a bit further and allow certain non-root programs
> 	to bind <1024 for this reason ?
> 
> -- 
>  -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
>      «Pluto placed his bad dog at the entrance of Hades to keep the dead
>       IN and the living  OUT!  The archetypical corporate firewall?»
>                                                        - S. Kelly Bootle
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message