[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: To the bind maintainer

On Sat, 22 Jan 2000, Ethan Benson wrote:

> >I think it is called linux capabilities. If someone wants to make bind
> >more secure arrange for it to run as nobody with bind-to-any-port
> >capability (or something like that)
> this requires filesystem support to store the capabilities, which is 
> not done yet.

No it doesn't. You just run it as root and have it make the proper
capabilities syscalls before switching to not-root. You need the FS patch
if you want to do the above *without* changing bind's source.

Check out how proftpd does it.


Reply to: