Date: Fri, 2 Feb 2001 07:42:10 -0500 From: Will Andrews <will@physics.purdue.edu> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind Message-ID: <20010202074210.R479@puck.firepipe.net> In-Reply-To: <200102021050.f12Ao3J28194@freefall.freebsd.org>; from kris@obsecurity.org on Fri, Feb 02, 2001 at 02:50:03AM -0800 References: <200102021050.f12Ao3J28194@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Feb 02, 2001 at 02:50:03AM -0800, Kris Kennaway wrote: > Running it like this won't work for every system since named can't > rebind to interfaces which change address or which are added after the > program is started. However, it's something we're considering doing. If it is done, it's probably good to keep the changes limited to 5.0-CURRENT; 4.x is too far along for a change like this. But to actually speak in favor of the idea: it doesn't break default behavior other than the rebinding issue, and the average admin who enables BIND usually understands what kind of permissions BIND needs for what sort of things, and can recognize what limitations -ubind -gbind puts on the daemon. -- wca [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6eqshF47idPgWcsURAqFQAJsGn8xpjGwByxqyWjXf1CXzeQhiGgCcCIsh 1LD2m0SV6iQYokLRgCso5r4= =aslD -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010202074210.R479>