Re: Got root?

To: debian-security@lists.debian.org
Subject: Re: Got root?
From: Ethan Benson <erbenson@alaska.net>
Date: Tue, 1 May 2001 20:37:24 -0800
Message-id: <20010501203724.L891@plato.local.lan>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20010502025329.A31679@rhamphoryncus.dyndns.org>; from adamolsen@technologist.com on Wed, May 02, 2001 at 02:53:29AM +0000
References: <01042907190600.00703@kiwi> <20010501001130.17393.qmail@alongtheway.com> <20010502025329.A31679@rhamphoryncus.dyndns.org>

On Wed, May 02, 2001 at 02:53:29AM +0000, Adam Olsen wrote:

> Since there IS a way to do what he wanted, what would it take to make
> it used by default?  I'm sure everybody running BIND would feel alot
> safer if it never ran as root, and such a practice would probably earn
> Debian as a whole a few points for security.

bind when configured to run non-root (which debian does not do) drops
ALL root privileges irrevokably (sp?).  it only starts as root to bind
to the port and chroot() to the chroot jail.  once those two tasks are
complete it drops all root privileges, permanantly.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpT4WvJCjyfc.pgp
Description: PGP signature

Reply to:

References:
- Re: Got root?
  - From: Adam Olsen <adamolsen@technologist.com>

Prev by Date: Re: Got root?
Next by Date: Lprng version question
Previous by thread: Re: Got root?
Next by thread: IP_MASQ:reverse ICMP: failed checksum from x.x.x.x!
Index(es):
- Date
- Thread