[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: default security

Javier Fernández-Sanguino Peña <jfs@computer.org> writes:

> On Tue, Jan 15, 2002 at 10:21:00AM +0100, Tarjei wrote:
> > >
>> >
>> >I recall there being discussion a while back about packaging chroot
>> >bind.  I don't know whether or not anything came of it at all.  There is
>> >
>> Debian being what it is, are there any reasons why the debian bind
>> package should not be chroot as the default instalation?
> 	RTFM. That is:
> http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind
> 	:) 

 | Regarding limiting BIND's privileges you must be aware that if a
 | non-root user runs BIND, then BIND cannot detect new interfaces
 | automatically. For example, if you stick a PCMCIA card into your laptop.

Like anyone would really want to run bind automatically on all transient
interfaces... It's a *service*, to be run on *serv-ers*!
If you want a named listening on such an interface, the due pain is
deserved, IMHO.

(I've been meaning to get that off my chest for a few months :8)

The above URL links to a bug,
<http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no\&bug=50013>, which
seems to imply that chroot()ed behaviour will be expected ere long. Have I
missed it, or shall I carry on hoping? :)


Reply to: