
Re: To the bind maintainer



* Jason Gunthorpe said:
> 
> On Sat, 22 Jan 2000, Ethan Benson wrote:
> 
> > >I think it is called linux capabilities. If someone wants to make bind
> > >more secure arrange for it to run as nobody with bind-to-any-port
> > >capability (or something like that)
> > 
> > this requires filesystem support to store the capabilities, which is 
> > not done yet.
> 
> No it doesn't. You just run it as root and have it make the proper
> capabilities syscalls before switching to not-root. You need the FS patch
> if you want to do the above *without* changing bind's source.

It's not "just". You'd have to modify bind quite a lot and not only in the
startup code. 
 
marek

Attachment: pgpvxS4jPOh6O.pgp
Description: PGP signature