Date:      Fri, 2 Feb 2001 13:25:04 +0100
From:      Guido van Rooij <guido@mouse.gvr.org>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        Alfred Perlstein <bright@wintelcom.net>, Brian Behlendorf <brian@collab.net>, Roman Shterenzon <roman@xpert.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
Message-ID:  <20010202132503.A2065@eniac.mpn.cp.philips.com>
In-Reply-To: <200101312305.f0VN5vJ19469@earth.backplane.com>; from dillon@earth.backplane.com on Wed, Jan 31, 2001 at 03:05:57PM -0800
References:  <20010131140447.E26076@fw.wintelcom.net> <Pine.BSF.4.31.0101311447150.729-100000@localhost> <20010131145423.H26076@fw.wintelcom.net> <200101312305.f0VN5vJ19469@earth.backplane.com>

On Wed, Jan 31, 2001 at 03:05:57PM -0800, Matt Dillon wrote:
>     Quite a few people have been using the sandbox options in the
>     last year without any ill effects (I was the original author of
>     the feature).  The only issue is that you cannot HUP named (it will
>     not be able to rebind its sockets), you can only restart it, and
>     you have to supply the proper options to ndc when restarting it
>     (-u bind -g bind).  I usually restart it anyway (I don't trust the
>     named HUP code).
> 

IIRC you also should run syslogd such that named can log in the sandbox,
e.g. with syslogd -l /sandbox/var/run/log

-Guido

