From owner-freebsd-bugs Fri Feb 2 2:50:22 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 18C4137B401 for ; Fri, 2 Feb 2001 02:50:03 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f12Ao3J28194; Fri, 2 Feb 2001 02:50:03 -0800 (PST) (envelope-from gnats) Date: Fri, 2 Feb 2001 02:50:03 -0800 (PST) Message-Id: <200102021050.f12Ao3J28194@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Kris Kennaway Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind Reply-To: Kris Kennaway Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR misc/24784; it has been noted by GNATS. From: Kris Kennaway To: gabriel_ambuehl@buz.ch Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind Date: Fri, 2 Feb 2001 02:42:34 -0800 --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Feb 01, 2001 at 11:02:23AM -0800, gabriel_ambuehl@buz.ch wrote: > I've been wondering why bind isn't run as user bind group bind by > default. I mean it's widely known that this isn't the most secure > piece of software outthere so I'd say it really make sense to run it > with the least permissions possible. /etc/defaults/rc.conf got the > corresponding line commented out in favor of a normal running > bind... Running it like this won't work for every system since named can't rebind to interfaces which change address or which are added after the program is started. However, it's something we're considering doing. Kris --OgqxwSJOaUobr8KG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6eo8aWry0BWjoQKURAnuxAJ0fhJpf1OhzghJsUua7XzsAmpiMWQCbBSD6 DIMpe+3EqjdFTroSwuczjPI= =ZJgW -----END PGP SIGNATURE----- --OgqxwSJOaUobr8KG-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message