[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

On Tue, 10 Sep 2002 21:34, Mark Ferlatte wrote:
> begin  Andres Salomon quote on Tue, Sep 10, 2002 at 03:14:48PM -0400:
> > serious objections, I will NMU bind9.  It is embarrassing that we still,
> > to this day, ship a bind9 package that runs as root by default
> > (especially given bind's track record, wrt security).
>
> As long as you're running it as non-root, do you make it chroot() also?

Chroot is much more difficult to manage.  Non-root is a no-cost option.

> bind8 could also run as non-root, but the maintainer's viewpoint was
> that it would confuse people who had interfaces that were transient.
> User-friendyness wins over security yet again.

It would not confuse anyone.  Have it run with authbind and it will do 
everything as non-root that it could do as root.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
Reply to: