Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

[Andres Salomon <dilinger@mp3revolution.net>]

I tried to keep my patch as user-friendly as possible; handling chroot
cases would make it a lot less so.  This is not something I wish to
tackle.  Not to mention, the arguments that could be had about where to
put stuff.  Chrooting in /var/cache/bind means putting named.conf in
/var/cache/bind/etc/named.conf, or similar locations; ditto for various
other files.  I would have to make sure policy is satisfied w/ the
various files inside the chroot, and I simply don't care enough about
chrooting bind to commit time to it.


On Tue, Sep 10, 2002 at 12:34:49PM -0700, Mark Ferlatte wrote:
> 
> begin  Andres Salomon quote on Tue, Sep 10, 2002 at 03:14:48PM -0400:
> > serious objections, I will NMU bind9.  It is embarrassing that we still,
> > to this day, ship a bind9 package that runs as root by default
> > (especially given bind's track record, wrt security).
> 
> As long as you're running it as non-root, do you make it chroot() also?
> It's very easy to put bind9 in a chroot() jail, and can (and should) be
> done by the package, with no change to configuration file locations, and
> minimal changes elsewhere (you need to tell syslog to put log socket in
> $bindchroot/etc/log, which admittedly sucks, but is not hard).
> 
> bind8 could also run as non-root, but the maintainer's viewpoint was
> that it would confuse people who had interfaces that were transient.
> User-friendyness wins over security yet again.
> 
> M



-- 
Buying a Unix machine guarantees you a descent into Hell. It starts when
you plug the computer in and it won't boot. Yes, they really did sell you
a $10,000 computer with an unformatted disk drive.
	-- Philip Greenspun