Date:      01 Feb 2001 18:15:16 +0100
From:      Dag-Erling Smorgrav <des@ofug.org>
To:        FengYue <fengyue@bluerose.windmoon.nu>
Cc:        Rossen Raykov <rraykov@sageian.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Running named in chroot env
Message-ID:  <xzpn1c6wcij.fsf@flood.ping.uio.no>
In-Reply-To: FengYue's message of "Thu, 1 Feb 2001 09:02:55 -0800 (PST)"
References:  <Pine.BSF.4.10.10102010900440.42133-100000@bluerose.windmoon.nu>

FengYue <fengyue@bluerose.windmoon.nu> writes:
> Actually, all I did was:
> 
> named -t /etc/namedb -u bind -g bind named.conf
> 
> that seems to work just fine.

Only if your named.conf has 'directory "/";' in the options section,
and you don't have any slave zones, and you're not interested in any
log messages your name server produces. Come to think of it, the fact
that named is now unable to log error messages is probably the reason
why you think it works just fine :)

>                               Just make sure /etc/namedb/s and files
> under it are all owned by bind:bind.

...and for extra paranoia, make sure everything else in /etc/namedb is
owned by root:wheel and not writable by anyone - maybe even schg.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
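
The ownership rules from this exchange can be checked mechanically. The following is an added example, not part of the original message: a POSIX shell function (the name `audit_named_chroot` and its arguments are hypothetical) that flags anything outside the `s` subdirectory that is not owned by root:wheel or is group- or world-writable, and anything under `s` that is not owned by bind:bind. It does not check the schg flag.

```shell
#!/bin/sh
# Added example: audit the chroot tree against the ownership advice in this thread.
# Function and variable names are hypothetical; the defaults (/etc/namedb, s,
# root:wheel, bind:bind) are the values mentioned in the messages.

# Usage: audit_named_chroot [DIR] [SUBDIR] [ADMIN_USER] [ADMIN_GROUP] [SVC_USER] [SVC_GROUP]
# Prints one line per finding; returns 0 when the tree is clean, 1 otherwise.
audit_named_chroot() {
    dir=${1:-/etc/namedb}
    dir=${dir%/}                      # -path below needs an exact prefix match
    sub=${2:-s}
    admin_user=${3:-root};  admin_group=${4:-wheel}
    svc_user=${5:-bind};    svc_group=${6:-bind}

    findings=$(
        # Outside DIR/SUBDIR: must belong to the admin account and must not be
        # group- or world-writable (symlink mode bits are meaningless, skip them).
        find "$dir" -path "$dir/$sub" -prune -o \
            \( ! -user "$admin_user" -o ! -group "$admin_group" -o \
               \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print |
            sed 's/^/not locked down: /'

        # Inside DIR/SUBDIR: the thread wants these owned by the account named
        # runs as (-u bind -g bind), since that account has to write here.
        if [ -d "$dir/$sub" ]; then
            find "$dir/$sub" \( ! -user "$svc_user" -o ! -group "$svc_group" \) -print |
                sed 's/^/not owned by service account: /'
        fi
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# On the name server, with the values from the thread:
#   audit_named_chroot /etc/namedb s root wheel bind bind
```
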