Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)
On Mon, Sep 16, 2002 at 01:41:32PM -0600, Bob Proulx wrote:
> Agreed. <Alarm Bells!> The entire purpose of running named as special
> account is to restrict any access to the filesystem if the daemon is
> cracked. Therefore assuming a 'named' user as is typical for running
> named non-root, then zero configuration files, absolutely none, should
> ever be owned by the 'named' user. All configuration files should be
> owned by 'root' to keep them safe from damage in the case of a
> successful attack against the daemon.
Having them readable (but not writable) by the daemon keeps them safe
against attack *and* permits administators to set tighter ownerships (no
o+rX, mind you)
> Agreed.
I (mostly) agree, and I stand corrected as for the possibility of sharing
zone configuration files (which seems not be possible even if it would be
a big plus). However, I would still suggest that zone configuration files
(which should probably *not* be cleared by a --purge, ala /var/www) should
be 640 root:named and not 644 root:root.
However (and I have not investigated this issue) if bind when using -u/-g
is able to read 640 root:root files I would happily abide with the
opinion of the vast majority :)
Javi
Reply to: