Re: To the bind maintainer
On Jan 22, Jason Gunthorpe <jgg@ualberta.ca> wrote:
>I think it is called linux capabilities. If someone wants to make bind
>more secure arrange for it to run as nobody with bind-to-any-port
>capability (or something like that)
It's not so easy: without a wrapper the program would still have UID=0.
Look at http://www.linux.it/~md/software/ssd.tgz
>I'm not sure how a nobody running bind can write its zone cache files
>though..
chown bind.bind /var/cache/bind/
--
ciao,
Marco
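What Marco's reply describes, a wrapper that starts as root, switches to an unprivileged user and keeps only the bind-to-privileged-port capability before starting the daemon, as an added example. This is not the ssd wrapper from the URL above (the page does not show its contents) and is not part of the original post. It assumes a Linux kernel of 4.3 or later, because it uses ambient capabilities to carry CAP_NET_BIND_SERVICE across the execve() of a daemon binary that has no file capabilities, uses the raw capset(2) interface instead of libcap so it builds with a plain cc, and assumes a `bind` user exists whose uid/gid it resolves with getpwnam(). The program name privwrap and the function names are the example's own.

```c
/* privwrap.c: added example (not Marco's ssd wrapper). Start as root, drop to an
 * unprivileged user, keep only CAP_NET_BIND_SERVICE, and exec the daemon with that
 * capability in the ambient set so it survives execve().
 * Assumes Linux 4.3+ (ambient capabilities) and the v3 capset(2) ABI.
 * Build:            cc -O2 -Wall -o privwrap privwrap.c
 * Usage (as root):  ./privwrap bind /usr/sbin/named -f
 */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define CAP_NET_BIND_SERVICE 10            /* value from linux/capability.h */
#define CAP_VERSION_3        0x20080522u   /* _LINUX_CAPABILITY_VERSION_3 */
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT       47
#define PR_CAP_AMBIENT_RAISE 2
#endif

struct cap_hdr  { uint32_t version; int pid; };
/* v3 uses two of these: word 0 holds capabilities 0-31, word 1 holds 32-63. */
struct cap_data { uint32_t effective, permitted, inheritable; };

/* Fill the two-word capability sets so that exactly `cap` is permitted, effective
 * and inheritable. Inheritable is required before a capability can be raised
 * into the ambient set. */
void cap_sets_for(int cap, struct cap_data d[2])
{
    memset(d, 0, 2 * sizeof d[0]);
    d[cap / 32].effective = d[cap / 32].permitted =
        d[cap / 32].inheritable = 1u << (cap % 32);
}

/* True if `cap` is in the effective set described by d. */
int cap_sets_has(const struct cap_data d[2], int cap)
{
    return (d[cap / 32].effective >> (cap % 32)) & 1u;
}

/* Switch to uid/gid but keep `cap` (and only `cap`) through setuid() and exec.
 * Returns 0 on success, -1 with errno set on failure. */
int drop_privs_keep_cap(uid_t uid, gid_t gid, int cap)
{
    struct cap_hdr  h = { CAP_VERSION_3, 0 };   /* pid 0 = calling process */
    struct cap_data d[2];
    cap_sets_for(cap, d);

    /* setuid() away from 0 normally clears every capability set; with KEEPCAPS
     * the permitted set survives (the effective set is still cleared). */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -1;
    if (setgroups(0, NULL) < 0) return -1;          /* drop root's supplementary groups */
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    /* Shrink permitted to the single capability and re-raise it as effective. */
    if (syscall(SYS_capset, &h, d) < 0) return -1;
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) return -1;
    /* The ambient set is what a non-setuid binary without file capabilities
     * inherits across execve(); raising requires permitted and inheritable. */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) < 0) return -1;
    /* Sanity check: CAP_SETUID is gone, so root must be unrecoverable. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s USER PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (!pw) { fprintf(stderr, "no such user: %s\n", argv[1]); return 1; }
    if (drop_privs_keep_cap(pw->pw_uid, pw->pw_gid, CAP_NET_BIND_SERVICE) < 0) {
        perror("drop_privs_keep_cap");
        return 1;
    }
    execvp(argv[2], argv + 2);   /* only reached as the unprivileged user */
    perror("execvp");
    return 1;
}
```

The daemon started this way runs with a non-zero uid and can still bind port 53, but it cannot setuid back to root, so the zone cache directory must be writable by that user, which is what the `chown bind.bind /var/cache/bind/` line in the reply arranges.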