Re: To the bind maintainer

To: Greg Stark <gsstark@mit.edu>
Cc: glen@transecure.com, debian-devel@lists.debian.org
Subject: Re: To the bind maintainer
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Fri, 21 Jan 2000 16:48:35 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.1000121164654.13079A-100000@wakko.deltatee.com>
In-reply-to: <[🔎] 87aelzt2iq.fsf@HSE-Montreal-ppp33976.qc.sympatico.ca>

On 21 Jan 2000, Greg Stark wrote:

> If you want to improve security you should implement a kernel interface for
> non-root users to be able to do what named does. Then propose this again.

I think it is called linux capabilities. If someone wants to make bind
more secure arrange for it to run as nobody with bind-to-any-port
capability (or something like that) 

That is the best way to go, needs a bind patch though!

I'm not sure how a nobody running bind can write its zone cache files
though.. 

Jason

Reply to:

Follow-Ups:
- Re: To the bind maintainer
  - From: Ethan Benson <erbenson@alaska.net>
- Re: To the bind maintainer
  - From: Marek Habersack <grendel@vip.net.pl>
- Re: To the bind maintainer
  - From: md@linux.it (Marco d'Itri)

References:
- Re: To the bind maintainer
  - From: Greg Stark <gsstark@mit.edu>

Prev by Date: Re: To the bind maintainer
Next by Date: Re: To the bind maintainer
Previous by thread: Re: To the bind maintainer
Next by thread: Re: To the bind maintainer
Index(es):
- Date
- Thread