[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

On Tue, Sep 17, 2002 at 03:51:03AM -0700, Thomas Bushnell, BSG wrote:
> Javier Fernández-Sanguino Peña <jfs@dat.etsit.upm.es> writes:
> > 	No, no folly. Please think a moment. What permissions are you
> > suggestion for master zone files? 644 with root:root? That's plain wrong,
> > I don't want my master zone files to be accesible by any other process
> > than the name server. That's sensible information, you do disable zone 
> > transfers don't you?
> People who think they are getting security by keeping the master zone
> file private should not be allowed to suggest security policy.

Then I take it that you are allowing zone file transfers from your DNS
server. What the use are file permissions if you do not enforce them?
Do you suggest we use 644 root.root permissions for all configuration
files? What if my policy says that zone information should be kept

People who do not find a way to make useful criticism should keep their
mouths shout.


PS: Fyi (if that is useful in anyway) I'm the main writer of the "Debian
Securing Manual", the upstream developer of Tiger and the Debian
maintainer/porter for Bastille (and Nessus, initially).

Attachment: pgpVO6afk6GPw.pgp
Description: PGP signature

Reply to: