Re: default security
Javier Fernández-Sanguino Peña <jfs@computer.org> writes:
> On Tue, Jan 15, 2002 at 10:21:00AM +0100, Tarjei wrote:
> > >
>> >
>> >I recall there being discussion a while back about packaging chroot
>> >bind. I don't know whether or not anything came of it at all. There is
>> >
>> Debian being what it is, are there any reasons why the debian bind
>> package should not be chroot as the default installation?
>
> RTFM. That is:
> http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind
>
> :)
| Regarding limiting BIND's privileges you must be aware that if a
| non-root user runs BIND, then BIND cannot detect new interfaces
| automatically. For example, if you stick a PCMCIA card into your laptop.
Like anyone would really want to run bind automatically on all transient
interfaces... It's a *service*, to be run on *serv-ers*!
If you want a named listening on such an interface, the due pain is
deserved, IMHO.
(I've been meaning to get that off my chest for a few months :8)
The above URL links to a bug,
<http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=50013>, which
seems to imply that chroot()ed behaviour will be expected ere long. Have I
missed it, or shall I carry on hoping? :)
[snip]
~Tim
--
<http://spodzone.org.uk/>