On 21/1/2000 Jason Gunthorpe wrote:
> I think it is called linux capabilities. If someone wants to make bind more secure arrange for it to run as nobody with bind-to-any-port capability (or something like that)

this requires filesystem support to store the capabilities, which is not done yet.

> That is the best way to go, needs a bind patch though!

and a filesystem patch.

> I'm not sure how a nobody running bind can write its zone cache files though..

you would still have to run bind as user named and make the cache files owned by that user.
--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
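The thread above is about running bind unprivileged while it can still bind port 53. As an added example (not code from this thread or from BIND), the C sketch below takes a different route from capabilities stored in the filesystem: the process starts as root, switches to a dedicated account, and keeps only CAP_NET_BIND_SERVICE across the setuid. The function names `only_net_bind` and `drop_root_keep_bind` are hypothetical; the uid and gid are assumed to belong to the account that owns the zone cache files.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fill a v3 capability set that holds only CAP_NET_BIND_SERVICE (ports < 1024). */
void only_net_bind(struct __user_cap_data_struct d[2]) {
    memset(d, 0, 2 * sizeof d[0]);               /* inheritable stays empty */
    d[0].permitted = d[0].effective = 1u << CAP_NET_BIND_SERVICE;
}

/* Hypothetical helper: must be called as root. Switches to uid/gid and keeps
   only CAP_NET_BIND_SERVICE. Returns 0 on success, -1 with errno set. */
int drop_root_keep_bind(uid_t uid, gid_t gid) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (uid == 0) { errno = EINVAL; return -1; }      /* staying root is not a drop */
    if (prctl(PR_SET_KEEPCAPS, 1) != 0) return -1;    /* permitted set survives setuid */
    if (setgroups(0, NULL) != 0) return -1;           /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    only_net_bind(d);
    if (syscall(SYS_capset, &h, d) != 0) return -1;   /* setuid cleared the effective set */
    prctl(PR_SET_KEEPCAPS, 0);
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* regaining root must fail */
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s uid gid\n", argv[0]); return 2; }
    if (drop_root_keep_bind((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2])) != 0) {
        perror("drop_root_keep_bind"); return 1;
    }
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(53) };
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) != 0) { perror("bind :53"); return 1; }
    printf("uid %d bound UDP port 53\n", (int)getuid());
    return 0;
}
```

Run it as root with the numeric uid and gid of the unprivileged account; it reports the bind to port 53 made after root has been given up.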