From: Vivek Khera
Date: Thu, 1 Feb 2001 12:30:21 -0500
To: stable@FreeBSD.ORG
Subject: Re: DNS security
Message-ID: <14969.40237.815895.937483@onceler.kciLink.com>

>>>>> "DW" == David Wolfskill writes:

>> From: Vivek Khera
>> 2) bind tries to write temporary files into the CWD. Unfortunately,
>> /etc/namedb is root:wheel and not writable by the bind process

DW> In turn, named.conf has a directive:

DW> options {
DW>     directory "/etc/namedb";
DW>     ...
DW> };

Right... but then I have to make whatever is set to "directory"
writable by bind, and that means that bind has free rein over
everything there. I'd like to be able to tell bind to put its files
in some other directory that it is allowed to write to, leaving my
zone files and such better protected from possible future bugs.

It is trivial of course to make /etc/namedb writable by bind, except
make world will reset it...
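The concern in the message above follows from Unix directory semantics: write permission on a directory lets a process unlink or rename the files in it even when the files themselves are root-owned and read-only to that process. The following is an added example, not part of the original post, that computes this exposure from ownership and mode bits; the uid/gid 53, the file names and the modes are constructed sample values.

```python
import os
import stat
from collections import namedtuple

Entry = namedtuple("Entry", "name uid gid mode")  # mode = permission bits only

def allowed(e, uid, gids, want):
    """Classic Unix check; ignores ACLs and file flags such as schg."""
    if uid == 0:
        return True
    shift = 6 if e.uid == uid else 3 if e.gid in gids else 0
    return ((e.mode >> shift) & want) == want

def exposure(directory, files, uid, gids):
    """Map each file name to what uid can do to it: 'modify' and/or 'replace'."""
    relink = allowed(directory, uid, gids, 0o3)  # needs w+x on the directory
    sticky = bool(directory.mode & stat.S_ISVTX)
    out = {}
    for f in files:
        acts = set()
        if allowed(f, uid, gids, 0o2):
            acts.add("modify")  # write to the file in place
        # unlink/rename depends on the directory, not on the file's own mode
        if relink and (not sticky or uid in (0, f.uid, directory.uid)):
            acts.add("replace")
        out[f.name] = acts
    return out

def scan(path, uid, gids):
    """Run the same check against a real directory on disk."""
    def entry(p):
        st = os.lstat(p)
        return Entry(os.path.basename(p), st.st_uid, st.st_gid,
                     stat.S_IMODE(st.st_mode))
    names = sorted(os.listdir(path))
    return exposure(entry(path), [entry(os.path.join(path, n)) for n in names],
                    uid, gids)

# Constructed sample data: root-owned 0644 files, daemon running as uid/gid 53.
BIND_UID = BIND_GID = 53
ZONES = [Entry("named.conf", 0, 0, 0o644), Entry("example.zone", 0, 0, 0o644)]
LOCKED = Entry("/etc/namedb", 0, 0, 0o755)                # root:wheel, as shipped
OPENED = Entry("/etc/namedb", BIND_UID, BIND_GID, 0o755)  # chowned to the daemon

if __name__ == "__main__":
    for label, d in (("root-owned dir:", LOCKED), ("daemon-owned dir:", OPENED)):
        print(label, exposure(d, ZONES, BIND_UID, {BIND_GID}))
```
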