Re: To the bind maintainer

To: debian-devel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: To the bind maintainer
From: md@linux.it (Marco d'Itri)
Date: Sat, 22 Jan 2000 11:50:34 +0100
Message-id: <[🔎] 20000122115034.B861@wonderland.linux.it>
In-reply-to: <[🔎] Pine.LNX.3.96.1000121164654.13079A-100000@wakko.deltatee.com>; from jgg@ualberta.ca on Fri, Jan 21, 2000 at 04:48:35PM -0700
References: <[🔎] Pine.LNX.3.96.1000121164654.13079A-100000@wakko.deltatee.com>

On Jan 22, Jason Gunthorpe <jgg@ualberta.ca> wrote:
 
 >I think it is called linux capabilities. If someone wants to make bind
 >more secure arrange for it to run as nobody with bind-to-any-port
 >capability (or something like that) 
It's not so easy, without a wrapper the program would still have UID=0.
Look at http://www.linux.it/~md/software/ssd.tgz

 >I'm not sure how a nobody running bind can write its zone cache files
 >though.. 
chown bind.bind /var/cache/bind/

-- 
ciao,
Marco

Reply to:

References:
- Re: To the bind maintainer
  - From: Jason Gunthorpe <jgg@ualberta.ca>

Prev by Date: Re: To the bind maintainer
Next by Date: Alsa kernel module
Previous by thread: Re: To the bind maintainer
Next by thread: Re: To the bind maintainer
Index(es):
- Date
- Thread