
Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)



I demand that Russell Coker may or may not have written...

> On Tue, 10 Sep 2002 21:34, Mark Ferlatte wrote:
>> begin  Andres Salomon quote on Tue, Sep 10, 2002 at 03:14:48PM -0400:
>>> serious objections, I will NMU bind9.  It is embarrassing that we still,
>>> to this day, ship a bind9 package that runs as root by default
>>> (especially given bind's track record, wrt security).
>> As long as you're running it as non-root, do you make it chroot() also?

> Chroot is much more difficult to manage. [...]

Hmm... two named processes, one a child of the other:

  - on receiving SIGHUP, the parent forks
  - the new child reads the configuration then goes into a chroot and starts
    listening; possibly also becomes non-root
  - the parent passes on the signal to the old child (in case it hasn't
    received it; I tend to use killall)
  - old child, on receiving the signal, stops listening, and will exit() when
    existing lookups have been handled

Or something like that, anyway.

-- 
| Darren Salt       | linux (or ds) at | nr. Ashington,
| Linux PC, Risc PC | youmustbejoking  | Northumberland
| No Wodniws here   | demon co uk      | Toon Army
|   <URL:http://www.youmustbejoking.demon.co.uk/progs.packages.html>

Your aims are high, and you are incapable of much.
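
The new child's steps from the message above (read the configuration, enter the chroot, then become non-root), as an added example in C that is not part of the original post and is not BIND's code. `confine()`, its parameters and its step numbering are hypothetical names chosen for this sketch.

```c
/* Added example, not BIND's code: the "new child" steps from the message.
 * confine() and its parameters are hypothetical names. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* declares chroot() and setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, or the negative number of the step that failed.
 * On success *conf_fd is an open descriptor for the configuration file. */
int confine(const char *conf, const char *jail, uid_t uid, gid_t gid, int *conf_fd)
{
    int rc = -1;
    /* 1. Open the configuration while the real filesystem is still visible. */
    *conf_fd = open(conf, O_RDONLY | O_CLOEXEC);
    if (*conf_fd < 0) return rc;
    /* 2. Enter the jail, then chdir so the cwd is not left outside it. */
    rc = -2;
    if (chroot(jail) != 0 || chdir("/") != 0) goto fail;
    /* 3. Drop supplementary groups, then gid, then uid. In the other order
     *    setuid() removes the privilege needed to change groups. */
    rc = -3;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) goto fail;
    /* 4. Verify that root cannot be regained. */
    rc = -4;
    if (uid != 0 && (setuid(0) == 0 || getuid() != uid || geteuid() != uid)) goto fail;
    return 0;
fail:
    close(*conf_fd);
    *conf_fd = -1;
    return rc;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 5) {
        fprintf(stderr, "usage: %s CONF JAIL UID GID (run as root)\n", argv[0]);
        return 2;
    }
    int rc = confine(argv[1], argv[2], (uid_t)atoi(argv[3]), (gid_t)atoi(argv[4]), &fd);
    if (rc != 0) { fprintf(stderr, "confine failed at step %d\n", -rc); return 1; }
    /* A real daemon binds port 53 before step 3, then parses fd and serves. */
    printf("confined: uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```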


