From owner-freebsd-stable  Thu Feb  1  9:43:28 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from yertle.kciLink.com (yertle.kciLink.com [208.184.13.195])
	by hub.freebsd.org (Postfix) with ESMTP id 1B49137B491
	for <stable@FreeBSD.ORG>; Thu,  1 Feb 2001 09:43:11 -0800 (PST)
Received: from onceler.kciLink.com (onceler.kciLink.com [208.184.13.196])
	by yertle.kciLink.com (Postfix) with ESMTP id 69CCA2E440
	for <stable@FreeBSD.ORG>; Thu,  1 Feb 2001 12:43:10 -0500 (EST)
Received: (from khera@localhost)
	by onceler.kciLink.com (8.11.1/8.11.1) id f11HhAV86193;
	Thu, 1 Feb 2001 12:43:10 -0500 (EST)
	(envelope-from khera)
From: Vivek Khera <khera@kciLink.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14969.41006.240661.842348@onceler.kciLink.com>
Date: Thu, 1 Feb 2001 12:43:10 -0500
To: FreeBSD Stable <stable@FreeBSD.ORG>
Subject: Re: DNS security
In-Reply-To: <Pine.BSF.4.21.0102011129290.62920-100000@awww.jeah.net>
References: <14969.38607.142726.115583@onceler.kciLink.com>
	<Pine.BSF.4.21.0102011129290.62920-100000@awww.jeah.net>
X-Mailer: VM 6.90 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>> "CB" == Chris Byrnes <chris@JEAH.net> writes:

>> 2) bind tries to write temporary files into the CWD.  Unfortunately,

CB> cd /etc
CB> chown -R bind:bind namedb
CB> chmod 700 namedb

Right... but next make installworld clobbers it back to root:wheel.
Otherwise it is a fine solution other than it may give bind
permissions to clobber files I don't want it to (due to unknown bugs).

Perhaps the mtree file could be changed to make /etc/namedb bind:bind
ownership?





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message