Re: Whom the BIND newest vulnerability concerns?

To: Tomasz Papszun <tomek@lodz.tpsa.pl>, Herbert Xu <herbert@gondor.apana.org.au>
Cc: debian-devel@lists.debian.org
Subject: Re: Whom the BIND newest vulnerability concerns?
From: Russell Coker <russell@coker.com.au>
Date: Mon, 15 Nov 1999 19:55:12 +0100
Message-id: <9911151957310X.00788@lyta>
Reply-to: russell@coker.com.au
In-reply-to: <19991115194436.B30677@lodz.tpsa.pl>
References: <19991112140622.A30598@lodz.tpsa.pl> <199911142241.JAA02927@gondor.apana.org.au> <19991115194436.B30677@lodz.tpsa.pl>

>I ended so far removing options  --pidfile /var/run/named.pid
>from /etc/init.d/bind
>which, I _think_, will be safier than giving write permission for group
>"daemon" to /var/run

What is the danger in giving group daemon write access to /var/run?

Programs running with group daemon used to run as root!  A program that many
people trust enough to run as root is a program that I usually trust enough
to give write access to /var/run.
Also with the sticky bit on /var/run they can't delete each other's pid files
so if such a program is compromised it can't interfere with a running daemon.

-- 
Electronic information tampers with your soul.

Reply to:

Follow-Ups:
- Re: Whom the BIND newest vulnerability concerns?
  - From: Herbert Xu <herbert@gondor.apana.org.au>
- Re: Whom the BIND newest vulnerability concerns?
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>

References:
- Whom the BIND newest vulnerability concerns?
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>
- Re: Whom the BIND newest vulnerability concerns?
  - From: Herbert Xu <herbert@gondor.apana.org.au>
- Re: Whom the BIND newest vulnerability concerns?
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>

Prev by Date: re: cd snapshots
Next by Date: Re: cd snapshots
Previous by thread: Re: Whom the BIND newest vulnerability concerns?
Next by thread: Re: Whom the BIND newest vulnerability concerns?
Index(es):
- Date
- Thread