From owner-freebsd-bugs  Fri Feb  2  4:42:28 2001
Delivered-To: freebsd-bugs@freebsd.org
Received: from puck.firepipe.net (mcut-b-167.resnet.purdue.edu [128.211.209.167])
	by hub.freebsd.org (Postfix) with ESMTP id B735137B65D
	for <freebsd-bugs@FreeBSD.ORG>; Fri,  2 Feb 2001 04:42:10 -0800 (PST)
Received: by puck.firepipe.net (Postfix, from userid 1000)
	id 70E471AB2; Fri,  2 Feb 2001 07:42:10 -0500 (EST)
Date: Fri, 2 Feb 2001 07:42:10 -0500
From: Will Andrews <will@physics.purdue.edu>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: misc/24784: Why isn't bind always running as -u bind -g bind
Message-ID: <20010202074210.R479@puck.firepipe.net>
Reply-To: Will Andrews <will@physics.purdue.edu>
References: <200102021050.f12Ao3J28194@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="7jjDTNL5GSSsPbWk"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102021050.f12Ao3J28194@freefall.freebsd.org>; from kris@obsecurity.org on Fri, Feb 02, 2001 at 02:50:03AM -0800
X-Operating-System: FreeBSD 4.2-STABLE i386
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--7jjDTNL5GSSsPbWk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 02, 2001 at 02:50:03AM -0800, Kris Kennaway wrote:
>  Running it like this won't work for every system since named can't
>  rebind to interfaces which change address or which are added after the
>  program is started. However, it's something we're considering doing.

If it is done, it's probably good to keep the changes limited to
5.0-CURRENT; 4.x is too far along for a change like this.

But to actually speak in favor of the idea: it doesn't break default
behavior other than the rebinding issue, and the average admin who
enables BIND usually understands what kind of permissions BIND needs for
what sort of things, and can recognize what limitations -ubind -gbind
puts on the daemon.

--=20
wca

--7jjDTNL5GSSsPbWk
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6eqshF47idPgWcsURAqFQAJsGn8xpjGwByxqyWjXf1CXzeQhiGgCcCIsh
1LD2m0SV6iQYokLRgCso5r4=
=aslD
-----END PGP SIGNATURE-----

--7jjDTNL5GSSsPbWk--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message