Date: Tue, 15 Dec 1998 06:19:18 -0800 (PST)
Message-Id: <199812151419.GAA02488@hub.freebsd.org>
From: "Jonathan M. Bresler"
To: dima@best.net
CC: dillon@apollo.backplane.com, des@flood.ping.uio.no, committers@FreeBSD.ORG
In-reply-to: <199812150316.TAA20006@burka.rdy.com> (dima@best.net)
Subject: Re: Bind sandbox bogosity
References: <199812150316.TAA20006@burka.rdy.com>

> Matthew Dillon writes:
> > The first problem is a non-problem, i.e. a bogus
> > warning because HUPing named does not change its
> > pid.
> >
> > The second problem is real, and I did mention it. However,
> > my feeling is that running named in a sandbox is a basic
> > security precaution that must be taken and that the vast
> > majority of configurations will not have a problem with
> > it. It would be nice if there were a way to turn off
> > the interface scanning junk, though. named is the only
> > major program I know that does that (a Vixie bogosity,
> > in my view).
> Date: Mon, 14 Dec 1998 19:16:52 -0800 (PST)
> From: dima@best.net (Dima Ruban)
>
> sendmail is the other one.

i am currently preparing Postfix for commit. Postfix is a mail
transfer agent written by Wietse Venema (tcp_wrappers and satan)
which may be used in place of sendmail. (www.postfix.org)

Postfix can be run in a chroot jail.
Postfix should have its own userid.
uid == gid == 25. username == groupname == postfix.

Postfix should be committed later this week.

jmb