[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: To the bind maintainer

>> >read what's written in the package's README.Debian
>> >(/usr/share/doc/bind/README.Debian)
>> 
>> You are right ofcourse, I now did and I do NOT agree!
>> It should be easy, like in other packages, to make a
>> post install script that tells you about the problems
>> running named non-root and let YOU choose if you want 
>> to run named root or non-root! With a little effort 
>> you can get more security. 
>Did you *really* read what's said in the README.Debian? I'll just quote the
>relevant part:

Yes, but did -you- *really* read my compromis?

>"Note that if you run named as a user other than root, it will not be able to
>find new interfaces that appear dynamically, such as during a PCMCIA card
>insertion, or if you're running some flavors of IPSEC and/or IP over IP
>tunnels."

Then write a post install script that states this! 
THEN ask the user the next question:

Do you want to run named as a user other than root? (Y/N): [N]

Note the default! But when I want to run named as a user other
than root because I'm a little nervous about security then
I should have that possibility! (and say Y!) Instead of patching
/etc/init.d/bind.

Regards,

Onno
Reply to: