* Jason Gunthorpe said: > > On Sat, 22 Jan 2000, Ethan Benson wrote: > > > >I think it is called linux capabilities. If someone wants to make bind > > >more secure arrange for it to run as nobody with bind-to-any-port > > >capability (or something like that) > > > > this requires filesystem support to store the capabilities, which is > > not done yet. > > No it doesn't. You just run it as root and have it make the proper > capabilities syscalls before switching to not-root. You need the FS patch > if you want to do the above *without* changing bind's source. It's not "just". You'd have to modify bind quite a lot and not in only the startup code. marek
Attachment:
pgpvxS4jPOh6O.pgp
Description: PGP signature