Date: Fri, 12 Nov 1999 10:24:44 -0700 From: Brett Glass <brett@lariat.org> To: Bill Fumerola <billf@chc-chimes.com> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, security@FreeBSD.ORG Subject: Re: Why not sandbox BIND? Message-ID: <4.2.0.58.19991112102309.045abf00@localhost> In-Reply-To: <Pine.BSF.4.10.9911120922190.85007-100000@jade.chc-chimes.c om> References: <4.2.0.58.19991111220759.044f46d0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Our production systems are running an older version of FreeBSD (we always stay a bit behind the leading edge), so they do not have that user. --Brett At 09:22 AM 11/12/1999 -0500, Bill Fumerola wrote: >On Thu, 11 Nov 1999, Brett Glass wrote: > > > I assume you mean rc.conf, not named.conf. > > > > In any case, maybe there should be a "sandbox BIND" flag in rc.conf > > that selects a sandboxed configuration and is on by default. > > Also, it'd be nice to have the user "named" already in /etc/passwd > > and ready to go. > >bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin > >You mean like that in src/etc/master.passwd? > >-- >- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - >- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19991112102309.045abf00>