Date: Wed, 31 Jan 2001 14:48:13 -0800 (PST)
From: Brian Behlendorf
To: Alfred Perlstein
Cc: Roman Shterenzon
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
In-Reply-To: <20010131140447.E26076@fw.wintelcom.net>

On Wed, 31 Jan 2001, Alfred Perlstein wrote:
> * Roman Shterenzon [010131 13:56] wrote:
> > On Wed, 31 Jan 2001, FreeBSD Security Advisories wrote:
> >
> > > =============================================================================
> > > FreeBSD-SA-01:18                                           Security Advisory
> > >
> > > Topic:          BIND remotely exploitable buffer overflow
> > ..snip..
> >
> > Why not make it default in the base system?
>
> It has been, but only for several days.

I think he meant, why not set those recommendations for running as user
"bind" and in a chroot jail as the default?  Unless I'm missing something,
that's not the case currently:

[yez] 2:47pm ~ > fgrep -i named_flag /etc/defaults/rc.conf
named_flags=""                  # Flags for named
#named_flags="-u bind -g bind"  # Flags for named

	Brian
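
Added example, not part of the original message: a POSIX sh check of what the fgrep output above shows, namely that the active default is empty and the hardened line is only a comment. It resolves the effective named_flags across rc.conf-style files and reports the run-as user and chroot. The function names, sample files and the /chroot/named path are constructed for illustration, and -t is named's chroot option, which the message does not show.

```shell
#!/bin/sh
# Added example; not from the original message. Sample files are constructed.

# Print the last *uncommented* named_flags= value across the given files;
# later files win, as /etc/rc.conf overrides /etc/defaults/rc.conf.
effective_named_flags() {
    flags=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                named_flags=*)
                    val=${line#named_flags=}
                    val=${val%%#*}    # drop a trailing comment
                    flags=$(printf '%s' "$val" |
                        sed -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//') ;;
            esac
        done < "$f"
    done
    printf '%s\n' "$flags"
}

# Report the run-as user (-u) and chroot directory (-t) in a flags string.
# Returns 0 only if named both drops root and is chrooted.
audit_named_flags() {
    user=root; jail=none
    set -f; set -- $1; set +f    # split into words without globbing
    while [ $# -gt 0 ]; do
        case "$1" in
            -u) [ $# -gt 1 ] && { user=$2; shift; } ;;
            -t) [ $# -gt 1 ] && { jail=$2; shift; } ;;
        esac
        shift
    done
    printf 'user=%s chroot=%s\n' "$user" "$jail"
    [ "$user" != root ] && [ "$jail" != none ]
}

# Constructed stand-ins for /etc/defaults/rc.conf and a local /etc/rc.conf.
tmp=$(mktemp -d)
printf '%s\n' 'named_flags=""                  # Flags for named' \
    '#named_flags="-u bind -g bind"  # Flags for named' > "$tmp/defaults"
printf '%s\n' 'named_flags="-u bind -g bind -t /chroot/named"' > "$tmp/local"
d=$(effective_named_flags "$tmp/defaults")
o=$(effective_named_flags "$tmp/defaults" "$tmp/local")
audit_named_flags "$d" || echo "defaults only: named stays root, no chroot"
audit_named_flags "$o" && echo "with local override: hardened"
rm -rf "$tmp"
```

On a real host the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf.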