Re: Whom the BIND newest vulnerability concerns?
At 17:08 +0100 1999-11-12, Russell Coker wrote:
>On Fri, 12 Nov 1999, Tomasz Papszun wrote:
>>Sorry for bothering debian-devel; maybe I should have asked it on
>>debian-users instead... but I think that - as this approach seems useful -
>>developers could benefit too.
>>
>>Russell, would you mind (if your free time allows it) describing possibly
>>in detailed way - how one could implement your solution, messing Debian's
>>files as little as possible. OK, I know how to add a "system" user for
>>this purpose :-) but later?
>
>I have attached my /etc/init.d/bind file and here's the configuration for
>authbind:
>
>l /etc/authbind/byport/
>total 2
>drwxr-xr-x 2 root root 1024 Nov 12 17:09 .
>drwxr-xr-x 5 root root 1024 Nov 2 15:09 ..
>-rwx------ 1 ldap root 0 Nov 2 15:09 389
>-rwx------ 1 named root 0 Nov 2 15:09 53
>
>It's simple enough to do.
I'm not sure this offers any major advantage over starting named with -u named
-g named.
--- /etc/init.d/bind.~1~ Sat Oct 30 00:34:53 1999
+++ /etc/init.d/bind Fri Nov 12 11:51:46 1999
@@ -5,7 +5,8 @@
case "$1" in
start)
echo -n "Starting domain name service: named"
- start-stop-daemon --start --quiet --exec /usr/sbin/named
+ start-stop-daemon --start --quiet \
+ --exec /usr/sbin/named -- -u named -g named
echo "."
;;
named 20182 0.0 1.2 2192 1552 ? S 11:44 0:00 /usr/sbin/named -u named -g named
--
Joel Klecker (aka Espy) Debian GNU/Linux Developer
<URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org>
<URL:http://web.espy.org/> <URL:http://www.debian.org/>
Reply to: