From owner-freebsd-doc  Sun Jul 25 21:59:43 1999
Delivered-To: freebsd-doc@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id DF14415291; Sun, 25 Jul 1999 21:59:34 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id VAA42863;
	Sun, 25 Jul 1999 21:59:33 -0700 (PDT)
	(envelope-from dillon)
Date: Sun, 25 Jul 1999 21:59:33 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199907260459.VAA42863@apollo.backplane.com>
To: Mike Hoskins <mike@snafu.adept.org>
Cc: Sue Blake <sue@welearn.com.au>, freebsd-hackers@FreeBSD.ORG,
	freebsd-doc@FreeBSD.ORG
Subject: Re: sandbox??
References:  <Pine.BSF.4.10.9907251613520.24644-100000@snafu.adept.org>
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:Understanding a sandbox only requires the ability to read on the part of
:the user (something anyone in charge of named administration has hopefully
:learned, else they don't need to be administrating anything).
:
:As for the current named.conf format...  I agree that it should be
:changed.  Rc.conf currently references the fact that 'it may be possible
:to run named in a sandbox'.  Named.conf says 'FreeBSD runs bind in a
:sandbox'.  Saying FreeBSD does something one place while saying it may be
:possible to do it in another is...  silly.
:
:The actual use is up to the administrator, so it seems logical to have
:named.conf examples for sandbox and non-sandbox configs.
:
:Mike Hoskins
:<mike@adept.org>

    The sandbox code for bind is not a novice exercise, which is why it is
    commented out by default.  This is mainly because bind insists on doing 
    things which make sandboxing difficult - you can't HUP it, for example,
    or bring interfaces down and up.  The comment in the sample named.conf
    is wrong, it isn't on by default.  Bind has a number of design faults 
    that make it difficult to run outside of root.  It would probably 
    work in a jail(), though, if someone wants to work on that.

    The sandbox for the comsat and ntalk daemons does work and is on by 
    default.

						-Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message