Date: Fri, 2 Feb 2001 07:42:10 -0500 From: Will Andrews <will@physics.purdue.edu> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind Message-ID: <20010202074210.R479@puck.firepipe.net> In-Reply-To: <200102021050.f12Ao3J28194@freefall.freebsd.org>; from kris@obsecurity.org on Fri, Feb 02, 2001 at 02:50:03AM -0800 References: <200102021050.f12Ao3J28194@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--7jjDTNL5GSSsPbWk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 02, 2001 at 02:50:03AM -0800, Kris Kennaway wrote: > Running it like this won't work for every system since named can't > rebind to interfaces which change address or which are added after the > program is started. However, it's something we're considering doing. If it is done, it's probably good to keep the changes limited to 5.0-CURRENT; 4.x is too far along for a change like this. But to actually speak in favor of the idea: it doesn't break default behavior other than the rebinding issue, and the average admin who enables BIND usually understands what kind of permissions BIND needs for what sort of things, and can recognize what limitations -ubind -gbind puts on the daemon. --=20 wca --7jjDTNL5GSSsPbWk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6eqshF47idPgWcsURAqFQAJsGn8xpjGwByxqyWjXf1CXzeQhiGgCcCIsh 1LD2m0SV6iQYokLRgCso5r4= =aslD -----END PGP SIGNATURE----- --7jjDTNL5GSSsPbWk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010202074210.R479>