
Re: To the bind maintainer

* ARAKI Yasuhiro said:

> > > have a notebook or (as said in the README) using some tunneling stuff, you
> > > might have interfaces going up and down dynamically all the time. If bind
> > > isn't run as root then you'd have to restart it BY HAND every time any
> > > interface changes.
> Yes. This is true. But, I believe system administrators want to run
> any server like bind on a stable machine.
> So, they won't select notebook.
Why? I know people who run just caching bind on dynamically linked machines.
Either way, it should be supported.
> > I disagree with these priorities. The default should be as secure as
> > possible. If we can get a little advantage by running as non-root, we
> > should do it. If someone has a requirement that won't work with that
> > configuration they should change whatever they need to. *But* they
> > should have to take a definite action to reduce their security--it
> > should not be done by default.
> I agree. Running bind as non-root is good for security and for beginner admins.
I completely agree and never stated otherwise. It's just a matter of making
the administrator aware of the danger. 

