Re: To the bind maintainer
I agree mstone's notice.
At Fri, 21 Jan 2000 11:49:08 -0500,
Michael Stone <mstone@debian.org> wrote:
>
> [1 <text/plain; us-ascii (quoted-printable)>]
> On Fri, Jan 21, 2000 at 04:26:10PM +0100, Marek Habersack wrote:
> > have a notebook or (as said in the README) using some tunneling stuff, you
> > might have interfaces going up and down dynamically all the time. If bind
> > isn't run as root then you'd have to restart it BY HAND every time any
> > interface changes.
Yes. This is true. But, I believe system administrator want to run
any server like bind on the stable machine.
So, they won't select notebook.
> I disagree with these priorities. The default should be as secure as
> possible. If we can get a little advantage by running as non-root, we
> should do it. If someone has a requirement that won't work with that
> configuration they should change whatever they need to. *But* they
> should have to take a definate action to reduce their security--it
> should not be done by default.
I agree. Running bind by non-root is good for security and beginner admin.
---
ARAKI Yasuhiro / yasu@debian.or.jp
IIJ. Tokyo, Japan.
Reply to: