Date: Wed, 29 Aug 2001 14:46:27 +0100
From: Brian Somers <brian@Awfulhak.org>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: Brian Somers <brian@Awfulhak.org>, Joshua Goodall <joshua@roughtrade.net>, Giorgos Keramidas <keramida@ceid.upatras.gr>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@freebsd-services.com, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf
Message-ID: <200108291346.f7TDkRf76403@hak.lan.Awfulhak.org>
In-Reply-To: Message from Sheldon Hearn <sheldonh@starjuice.net> of "Wed, 29 Aug 2001 15:30:58 +0200." <76675.999091858@axl.seasidesoftware.co.za>
> On Wed, 29 Aug 2001 14:09:14 +0100, Brian Somers wrote:
> 
> > For the n'th time on this thread, everyone that has
> > 
> >   named_enable=YES
> > 
> > in /etc/rc.conf and doesn't have ``named_flags='' will now have named 
> > running with -u bind and will not be able to update their secondary 
> > zone files.
> 
> Why?  The same mergemaster that changes named_flags in
> /etc/defaults/rc.conf will also change /etc/namedb/named.conf .
What, you have a live nameserver that has a configuration that even 
closely resembles the distributed named.conf ?  Why do I find that 
difficult to believe ?
Remember, we're not talking about scratch boxes here, we're talking 
about this change not being appropriate for -stable (production).
> > Now perhaps someone can tell me what the purpose of this blatant
> > -minded breakage is.  What do we gain by changing the default 
> > variable values for a service that has never been enabled by default ?
> 
> We gain protection of a significant number of entry-level administrators
> from potential root exploits.
This was already half achieved by the presence of the commented out 
named_flags variable.  Adding a comment to impress on people that 
using -u bind is more secure would have been a good change.  Removing 
the # so that configurations break is.... well, see above.
> I ignored the rest of your message because it only applies if you're
> right about the impact, and I don't think you are.
If you've got no facts then we've got nothing to discuss.  What 
exactly do you mean when you say you don't think I'm right ?  Are you 
saying that you don't think there are any users out there that query 
on port 53 or that have read-only-by-root key files ?  Or are you 
saying that they had better be smart enough to drop a named_enable= 
in their rc.conf to counter a gratuitous change ?
> Ciao,
> Sheldon.
-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>
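Added example, not code from the thread or from FreeBSD: a POSIX sh script that reads a defaults rc.conf, an rc.conf and a named.conf, reports which named_flags actually take effect after the defaults change, and lists the secondary zone files the -u user must then be able to write. The sample files it builds and the function names are my own constructions.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD: show which
# named_flags take effect once /etc/defaults/rc.conf changes, and which zone
# files named must then be able to write as that user. Inputs are constructed;
# on a real host they are /etc/defaults/rc.conf, /etc/rc.conf, named.conf.

# rc(8) sources /etc/defaults/rc.conf first and /etc/rc.conf second, so a
# variable the admin never set in rc.conf silently inherits the new default.
# (Sourced in a subshell; assumes both files contain only assignments.)
effective_named_flags() {                       # $1 defaults  $2 rc.conf
    ( . "$1"; . "$2"; printf '%s\n' "${named_flags-}" )
}

# Print the user named by a "-u user" option; return 1 (no output) if absent.
named_user_from_flags() {                       # $1 flags string
    set -- $1
    while [ $# -gt 1 ]; do
        [ "x$1" = x-u ] && { printf '%s\n' "$2"; return 0; }
        shift
    done
    return 1
}

# Print the file of every slave (secondary) zone. named rewrites these after
# a zone transfer, so the -u user needs write access to each. Brace depth is
# tracked so one-line and multi-line zone blocks both work.
slave_zone_files() {                            # $1 named.conf
    awk '{ o = gsub(/[{]/, "{"); c = gsub(/[}]/, "}") }
         /^[ \t]*zone[ \t]/ { t = ""; f = "" }
         /type[ \t]+slave/  { t = "slave" }
         /file[ \t]+"/      { s = $0; sub(/.*file[ \t]+"/, "", s); sub(/".*/, "", s); f = s }
         { d += o - c; if (d == 0 && t == "slave" && f != "") { print f; t = ""; f = "" } }' "$1"
}

# --- constructed sample inputs (not real system files) ---
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
printf '%s\n' 'named_enable="NO"' 'named_flags="-u bind"' > "$SAMPLE/defaults.rc.conf"
printf '%s\n' 'named_enable="YES"' > "$SAMPLE/rc.conf"        # no named_flags line
cat > "$SAMPLE/named.conf" <<'EOF'
options { directory "/etc/namedb"; dump-file "named_dump.db"; };
zone "example.org" { type master; file "master/example.org"; };
zone "example.net" {
        type slave;
        file "slave/example.net";
        masters { 192.0.2.1; };
};
EOF
flags=$(effective_named_flags "$SAMPLE/defaults.rc.conf" "$SAMPLE/rc.conf")
user=$(named_user_from_flags "$flags") || user=root
echo "named_flags='$flags': runs as $user; must write:"; slave_zone_files "$SAMPLE/named.conf"
```

Run against the real files (as root, since /etc/namedb may be root-readable only), anything listed that is not writable by the reported user is a zone that will stop updating.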
