Date: Fri, 2 Feb 2001 02:50:03 -0800 (PST) From: Kris Kennaway <kris@obsecurity.org> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind Message-ID: <200102021050.f12Ao3J28194@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/24784; it has been noted by GNATS. From: Kris Kennaway <kris@obsecurity.org> To: gabriel_ambuehl@buz.ch Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind Date: Fri, 2 Feb 2001 02:42:34 -0800 --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Feb 01, 2001 at 11:02:23AM -0800, gabriel_ambuehl@buz.ch wrote: > I've been wondering why bind isn't run as user bind group bind by > default. I mean it's widely known that this isn't the most secure > piece of software outthere so I'd say it really make sense to run it > with the least permissions possible. /etc/defaults/rc.conf got the > corresponding line commented out in favor of a normal running > bind... Running it like this won't work for every system since named can't rebind to interfaces which change address or which are added after the program is started. However, it's something we're considering doing. Kris --OgqxwSJOaUobr8KG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6eo8aWry0BWjoQKURAnuxAJ0fhJpf1OhzghJsUua7XzsAmpiMWQCbBSD6 DIMpe+3EqjdFTroSwuczjPI= =ZJgW -----END PGP SIGNATURE----- --OgqxwSJOaUobr8KG-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102021050.f12Ao3J28194>