[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

On Mon, Sep 16, 2002 at 01:41:32PM -0600, Bob Proulx wrote:
> Agreed. <Alarm Bells!> The entire purpose of running named as special
> account is to restrict any access to the filesystem if the daemon is
> cracked.  Therefore assuming a 'named' user as is typical for running
> named non-root, then zero configuration files, absolutely none, should
> ever be owned by the 'named' user.  All configuration files should be
> owned by 'root' to keep them safe from damage in the case of a
> successful attack against the daemon.

Having them readable (but not writable) by the daemon keeps them safe
against attack *and* permits administators to set tighter ownerships (no
o+rX, mind you)

> Agreed.

I (mostly) agree, and I stand corrected as for the possibility of sharing
zone configuration files (which seems not be possible even if it would be
a big plus). However, I would still suggest that zone configuration files
(which should probably *not* be cleared by a --purge, ala /var/www) should
be 640 root:named and not 644 root:root.

However (and I have not investigated this issue) if bind when using -u/-g
is able to read 640 root:root files I would happily abide with the
opinion of the vast majority :)


Reply to: