Date:      21 Dec 1998 16:25:08 +0100
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        Eivind Eklund <eivind@yes.no>
Cc:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, Matt Dillon <dillon@FreeBSD.ORG>, security@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc rc.conf
Message-ID:  <xzpyao1ecvf.fsf@flood.ping.uio.no>
In-Reply-To: Eivind Eklund's message of "Mon, 21 Dec 1998 16:11:10 +0100"
References:  <199812190725.XAA05479@freefall.freebsd.org> <xzp67b5ft9e.fsf@flood.ping.uio.no> <19981221161110.E14124@follo.net>

Eivind Eklund <eivind@yes.no> writes:
> On Mon, Dec 21, 1998 at 03:45:49PM +0100, Dag-Erling Smorgrav wrote:
> > Matt Dillon <dillon@FreeBSD.ORG> writes:
> > If named is run in the sandbox, it will have to be restarted every
> > time an interface comes up after being down an hour or more - less if
> > you lower interface-interval in /etc/namedb/named.conf, which you
> > probably will if you run a caching nameserver on a box that has a
> > dynamic IP address (e.g. a dialout gateway). It will also complain
> > loudly every time it receives any of SIGHUP, SIGINT, SIGILL, SIGSYS or
> > SIGTERM unless you perform the appropriate named.conf magic to move
> > the pid and dump files to a directory writeable by bind:bind.
> 
> ... unless you do a series of small modifications.  It is not as if
> rescanning the interfaces is a _large_ task, or one that couldn't be
> done by a forked out half of named

Umm, the problem isn't scanning interfaces, the problem is binding to
them, which needs to be done by the parent, so you can't delegate
interface rescanning to a child process. Or rather, you can, but it
won't matter since at some point the child will need to communicate
its results to the parent which will then attempt to bind to port 53
on interfaces it's not yet bound to, for which it needs privs.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
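
The message above turns on which process holds the privilege needed to bind port 53 once named runs as bind:bind. As an added illustration (not part of the original message and not BIND's code), this C program shows the descriptor-passing form of the "forked out half" idea: a helper that would keep privileges binds the socket and passes the descriptor over a Unix socketpair with SCM_RIGHTS, so the receiving process never calls bind() itself. The function names are hypothetical, and port 0 is a constructed stand-in for 53 so the program runs without root.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

union ctl { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; };

/* Helper half (the one that would keep root): bind UDP *:port, pass the fd. */
static int helper_bind_and_send(int chan, unsigned short port) {
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    union ctl ctl = { .buf = {0} }; char tag = 'S';
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof s);
    memcpy(CMSG_DATA(c), &s, sizeof s);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Service half (unprivileged): receive the already-bound fd, or -1. */
static int recv_bound_fd(int chan) {
    union ctl ctl; char tag; int fd;
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = recvmsg(chan, &msg, 0) == 1 ? CMSG_FIRSTHDR(&msg) : NULL;
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Fork the helper, receive its socket; returns the bound local port or -1. */
int demo_handoff(unsigned short port) {
    int sv[2], fd; pid_t pid; struct sockaddr_in got; socklen_t len = sizeof got;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) _exit(helper_bind_and_send(sv[1], port) ? 1 : 0); /* helper */
    close(sv[1]);            /* service side: setuid() would already have run */
    fd = recv_bound_fd(sv[0]);
    close(sv[0]); waitpid(pid, NULL, 0);
    if (fd < 0 || getsockname(fd, (struct sockaddr *)&got, &len) < 0) return -1;
    close(fd);
    return ntohs(got.sin_port);
}

int main(void) { return demo_handoff(0) > 0 ? 0 : 1; } /* port 0: stand-in for 53 */
```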
