
Re: To the bind maintainer

At 11:49 AM 1/21/00 -0500, Michael Stone wrote:
>On Fri, Jan 21, 2000 at 04:26:10PM +0100, Marek Habersack wrote:
>> You still seem to miss the point. The problem is not with bind starting as
>> another user but with running it on a machine with dynamically changing IP
>> interfaces. bind watches for interfaces going up and down and attaches
>> itself to listen on any of these interfaces that may appear. Now, since the
>> DNS port is 53 TCP/UDP bind has to be root to do it successfully. After being
>> started as root, AFAIR, bind drops the root privileges completely. If you
>> have a notebook or (as said in the README) using some tunneling stuff, you
>> might have interfaces going up and down dynamically all the time. If bind
>> isn't run as root then you'd have to restart it BY HAND every time any
>> interface changes.
>> As to your security objection and the huge effort that modifying the bind
>> startup file - you do it just ONCE and then forget it. OTOH, the solution
>> with asking a question during the install time would be quite OK. Still, if
>> you answer N to the question above, you'd still have to modify the startup
>> script by hand should you change your mind :))
>I disagree with these priorities. The default should be as secure as
>possible. If we can get a little advantage by running as non-root, we
>should do it. If someone has a requirement that won't work with that
>configuration they should change whatever they need to. *But* they
>should have to take a definite action to reduce their security--it
>should not be done by default.

I agree! 

But let's not forget the users who want/must run bind as root, the user
should be able to choose during install if he/she wants to reduce their
security or not. Good point though...


