[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: To the bind maintainer

I agree mstone's notice.

At Fri, 21 Jan 2000 11:49:08 -0500,
Michael Stone <mstone@debian.org> wrote:
> 
> [1  <text/plain; us-ascii (quoted-printable)>]
> On Fri, Jan 21, 2000 at 04:26:10PM +0100, Marek Habersack wrote:

> > have a notebook or (as said in the README) using some tunneling stuff, you
> > might have interfaces going up and down dynamically all the time. If bind
> > isn't run as root then you'd have to restart it BY HAND every time any
> > interface changes.

Yes. This is true. But, I believe system administrator want to run 
any server like bind on the stable machine.
So, they won't select notebook.

> I disagree with these priorities. The default should be as secure as
> possible. If we can get a little advantage by running as non-root, we
> should do it. If someone has a requirement that won't work with that
> configuration they should change whatever they need to. *But* they
> should have to take a definate action to reduce their security--it
> should not be done by default.

I agree. Running bind by non-root is good for security and beginner admin.

---
ARAKI Yasuhiro / yasu@debian.or.jp 
IIJ. Tokyo, Japan.
Reply to: