Re: To the bind maintainer

To: Jason Gunthorpe <jgg@ualberta.ca>, Greg Stark <gsstark@mit.edu>
Cc: glen@transecure.com, debian-devel@lists.debian.org
Subject: Re: To the bind maintainer
From: Ethan Benson <erbenson@alaska.net>
Date: Sat, 22 Jan 2000 02:47:46 +0000
Message-id: <v04220808b4aeca81fe6f@[192.168.0.1]>
In-reply-to: <[🔎] Pine.LNX.3.96.1000121164654.13079A-100000@wakko.deltatee.com>
References: <[🔎] Pine.LNX.3.96.1000121164654.13079A-100000@wakko.deltatee.com>

On 21/1/2000 Jason Gunthorpe wrote:

I think it is called linux capabilities. If someone wants to make bind
more secure arrange for it to run as nobody with bind-to-any-port
capability (or something like that)

this requires filesystem support to store the capabilities, which isnot done yet.

That is the best way to go, needs a bind patch though!


and a filesystem patch.

I'm not sure how a nobody running bind can write its zone cache files
though..

you would still have to run bind as user named and make the cachefiles owned by that user.



--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/

Reply to:

Follow-Ups:
- Re: To the bind maintainer
  - From: Jason Gunthorpe <jgg@ualberta.ca>

References:
- Re: To the bind maintainer
  - From: Jason Gunthorpe <jgg@ualberta.ca>

Prev by Date: Re: potato testing: xdm vs gpm, samba changed?
Next by Date: Re: Bulgarian additions to Debian
Previous by thread: Re: To the bind maintainer
Next by thread: Re: To the bind maintainer
Index(es):
- Date
- Thread