On Wed, May 02, 2001 at 02:53:29AM +0000, Adam Olsen wrote: > Since there IS a way to do what he wanted, what would it take to make > it used by default? I'm sure everybody running BIND would feel alot > safer if it never ran as root, and such a practice would probably earn > Debian as a whole a few points for security. bind when configured to run non-root (which debian does not do) drops ALL root privileges irrevokably (sp?). it only starts as root to bind to the port and chroot() to the chroot jail. once those two tasks are complete it drops all root privileges, permanantly. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpT4WvJCjyfc.pgp
Description: PGP signature