Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)
I demand that Russell Coker may or may not have written...
> On Tue, 10 Sep 2002 21:34, Mark Ferlatte wrote:
>> begin Andres Salomon quote on Tue, Sep 10, 2002 at 03:14:48PM -0400:
>>> serious objections, I will NMU bind9. It is embarrassing that we still,
>>> to this day, ship a bind9 package that runs as root by default
>>> (especially given bind's track record, wrt security).
>> As long as you're running it as non-root, do you make it chroot() also?
> Chroot is much more difficult to manage. [...]
Hmm... two named processes, one a child of the other:
- on receiving SIGHUP, the parent forks
- the new child reads the configuration then goes into a chroot and starts
listening; possibly also become non-root
- the parent passes on the signal to the old child (in case it hasn't
received it; I tend to use killall)
- old child, on receiving the signal, stops listening, and will exit() when
existing lookups have been handled
Or something like that, anyway.
| Darren Salt | linux (or ds) at | nr. Ashington,
| Linux PC, Risc PC | youmustbejoking | Northumberland
| No Wodniws here | demon co uk | Toon Army
Your aims are high, and you are incapable of much.