From owner-freebsd-bugs Tue Oct 17 5:52:40 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [207.154.226.10])
	by hub.freebsd.org (Postfix) with ESMTP id D4E3C37B4D7
	for ; Tue, 17 Oct 2000 05:52:38 -0700 (PDT)
Received: by elvis.mu.org (Postfix, from userid 1061)
	id 671692B232; Tue, 17 Oct 2000 07:52:33 -0500 (CDT)
Date: Tue, 17 Oct 2000 07:52:33 -0500
From: David Drum
To: freebsd-bugs@FreeBSD.org
Subject: Re: conf/22038: Default location of named.pid file assumes named is running as root
Message-ID: <20001017075233.B46425@elvis.mu.org>
Mail-Followup-To: David Drum , freebsd-bugs@FreeBSD.org
References: <200010170840.BAA89963@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200010170840.BAA89963@freefall.freebsd.org>; from des@ofug.org on Tue, Oct 17, 2000 at 01:40:02AM -0700
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoth Dag-Erling Smorgrav:

> david@mu.org writes:
>
> > Move the pid file into a subdirectory that can be chowned to bind:
>
> This does not help if named runs chrooted, which it should.
>
> (I have patches to make it run in a jail, BTW)

I believe this comment is outside the scope of the current request.
Chrooting bind is one step further down the road to security. Please
see my next email for more comments.

Regards,

David Drum
david@mu.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message