From owner-freebsd-security Wed Jan 31 14:54:50 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id E8A0E37B491
	for ; Wed, 31 Jan 2001 14:54:29 -0800 (PST)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id f0VMsNg21912;
	Wed, 31 Jan 2001 14:54:23 -0800 (PST)
Date: Wed, 31 Jan 2001 14:54:23 -0800
From: Alfred Perlstein
To: Brian Behlendorf
Cc: Roman Shterenzon , freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
Message-ID: <20010131145423.H26076@fw.wintelcom.net>
References: <20010131140447.E26076@fw.wintelcom.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from brian@collab.net on Wed, Jan 31, 2001 at 02:48:13PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Brian Behlendorf [010131 14:47] wrote:
> On Wed, 31 Jan 2001, Alfred Perlstein wrote:
> > * Roman Shterenzon [010131 13:56] wrote:
> > > On Wed, 31 Jan 2001, FreeBSD Security Advisories wrote:
> > >
> > > > =============================================================================
> > > > FreeBSD-SA-01:18 Security Advisory
> > > >
> > > > Topic: BIND remotely exploitable buffer overflow
> > > ..snip..
> > >
> > > Why not make it default in the base system?
> >
> > It has been, but only for several days.
>
> I think he meant, why not set those recommendations for running as user
> "bind" and in a chroot jail as the default? Unless I'm missing something,
> that's not the case currently:
>
> [yez] 2:47pm ~ > fgrep -i named_flag /etc/defaults/rc.conf
> named_flags="" # Flags for named
> #named_flags="-u bind -g bind" # Flags for named

Since named supports a command line option for chroot as well as
user flags (-t) it would be trivial to have it the default.

It's pretty much a toss-up between usability and security.
I guess this is the final blow for me, and I think we should run bind
in a sandbox at this point, I'm just worried about confusing newbies
who wish to set it up.

If anyone has a proposal on doing it by default that doesn't impact
ease of use (or if it already doesn't impact it) then I'm for it.

What I'm worrying about specifically is ndc and other utilities
basically are unix domain sockets not in the expected place all of
a sudden?

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
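
Added example, not part of the original message or of FreeBSD's rc scripts: a small audit that resolves the effective named_flags across rc.conf-style files (later files override earlier ones) and reports whether the user, group and chroot flags discussed in the thread (-u, -g, -t) are all set. The function names and the /var/named chroot path are hypothetical, and the sample files are constructed.

```shell
# Added example: audit named_flags in rc.conf-style files (constructed sample data).

# Print the effective named_flags value; later files override earlier ones,
# and commented-out assignments such as '#named_flags="..."' are ignored.
effective_named_flags() {
    flags=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*named_flags="' "$f"; then
            flags=$(sed -n 's/^[[:space:]]*named_flags="\([^"]*\)".*/\1/p' "$f" | tail -n 1)
        fi
    done
    printf '%s\n' "$flags"
}

# Return 0 only if the flag string has -u, -g and -t, each followed by an argument.
audit_named_flags() {
    have_u=0; have_g=0; have_t=0
    set -f; set -- $1; set +f        # split on whitespace without globbing
    while [ $# -gt 1 ]; do
        case "$1:$2" in
            -u:-*|-g:-*|-t:-*) ;;    # flag followed by another flag: no argument
            -u:*) have_u=1 ;;
            -g:*) have_g=1 ;;
            -t:*) have_t=1 ;;
        esac
        shift
    done
    missing=""
    [ "$have_u" -eq 1 ] || missing="$missing -u"
    [ "$have_g" -eq 1 ] || missing="$missing -g"
    [ "$have_t" -eq 1 ] || missing="$missing -t"
    if [ -n "$missing" ]; then
        echo "named_flags missing:$missing"
        return 1
    fi
    echo "named_flags ok"
}

# Constructed sample files: the defaults quoted in the thread, plus a hypothetical override.
demo_dir=$(mktemp -d)
cat > "$demo_dir/defaults" <<'EOF'
named_flags=""                  # Flags for named
#named_flags="-u bind -g bind"  # Flags for named
EOF
echo 'named_flags="-u bind -g bind -t /var/named"  # hypothetical chroot path' > "$demo_dir/local"
audit_named_flags "$(effective_named_flags "$demo_dir/defaults")" || true
audit_named_flags "$(effective_named_flags "$demo_dir/defaults" "$demo_dir/local")" || true
rm -rf "$demo_dir"
```

On a real system the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf, in that order.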