From owner-cvs-all Mon Dec 14 19:17:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA00467 for cvs-all-outgoing; Mon, 14 Dec 1998 19:17:54 -0800 (PST) (envelope-from owner-cvs-all@FreeBSD.ORG) Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA00458 for ; Mon, 14 Dec 1998 19:17:49 -0800 (PST) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.9.1/RDY&DVV) id TAA20006; Mon, 14 Dec 1998 19:16:53 -0800 (PST) Message-Id: <199812150316.TAA20006@burka.rdy.com> Subject: Re: Bind sandbox bogosity In-Reply-To: <199812150243.SAA50480@apollo.backplane.com> from Matthew Dillon at "Dec 14, 1998 6:43:56 pm" To: dillon@apollo.backplane.com (Matthew Dillon) Date: Mon, 14 Dec 1998 19:16:52 -0800 (PST) Cc: des@flood.ping.uio.no, committers@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk Matthew Dillon writes: > The first problem is a non-problem, i.e. a bogus > warning because HUPing named does not change it's > pid. > > The second problem is real, and I did mention it. However, > my feeling is that running named in a sandbox is a basic > security precaution that must be taken and that the vast > majority of configurations will not have a problem with > it. It would be nice if there were a way to turn off > the interface scanning junk, though. named is the only > major program I know that does that (a Vixie bogosity, > in my view). sendmail is the other one. > > -Matt > > Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet > Communications & God knows what else. > (Please include original email in any response) > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message