Re: Whom the BIND newest vulnerability concerns?
>I ended so far removing options --pidfile /var/run/named.pid
>from /etc/init.d/bind
>which, I _think_, will be safer than giving write permission for group
>"daemon" to /var/run
What is the danger in giving group daemon write access to /var/run?
Programs running with group daemon used to run as root! A program that many
people trust enough to run as root is a program that I usually trust enough
to give write access to /var/run.
Also with the sticky bit on /var/run they can't delete each other's pid files
so if such a program is compromised it can't interfere with a running daemon.
--
Electronic information tampers with your soul.